<!doctype html><html lang="en">
 <head>
  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  <meta content="width=device-width, initial-scale=1, shrink-to-fit=no" name="viewport">
  <title>Trusted Types</title>
<style data-fill-with="stylesheet">/******************************************************************************
 *                   Style sheet for the W3C specifications                   *
 *
 * Special classes handled by this style sheet include:
 *
 * Indices
 *   - .toc for the Table of Contents (<ol class="toc">)
 *     + <span class="secno"> for the section numbers
 *   - #toc for the Table of Contents (<nav id="toc">)
 *   - ul.index for Indices (<a href="#ref">term</a><span>, in §N.M</span>)
 *   - table.index for Index Tables (e.g. for properties or elements)
 *
 * Structural Markup
 *   - table.data for general data tables
 *     -> use 'scope' attribute, <colgroup>, <thead>, and <tbody> for best results !
 *     -> use <table class='complex data'> for extra-complex tables
 *     -> use <td class='long'> for paragraph-length cell content
 *     -> use <td class='pre'> when manual line breaks/indentation would help readability
 *   - dl.switch for switch statements
 *   - ol.algorithm for algorithms (helps to visualize nesting)
 *   - .figure and .caption (HTML4) and figure and figcaption (HTML5)
 *     -> .sidefigure for right-floated figures
 *   - ins/del
 *
 * Code
 *   - pre and code
 *
 * Special Sections
 *   - .note       for informative notes             (div, p, span, aside, details)
 *   - .example    for informative examples          (div, p, pre, span)
 *   - .issue      for issues                        (div, p, span)
 *   - .assertion  for assertions                    (div, p, span)
 *   - .advisement for loud normative statements     (div, p, strong)
 *   - .annoying-warning for spec obsoletion notices (div, aside, details)
 *
 * Definition Boxes
 *   - pre.def   for WebIDL definitions
 *   - table.def for tables that define other entities (e.g. CSS properties)
 *   - dl.def    for definition lists that define other entitles (e.g. HTML elements)
 *
 * Numbering
 *   - .secno for section numbers in .toc and headings (<span class='secno'>3.2</span>)
 *   - .marker for source-inserted example/figure/issue numbers (<span class='marker'>Issue 4</span>)
 *   - ::before styled for CSS-generated issue/example/figure numbers:
 *     -> Documents wishing to use this only need to add
 *        figcaption::before,
 *        .caption::before { content: "Figure "  counter(figure) " ";  }
 *        .example::before { content: "Example " counter(example) " "; }
 *        .issue::before   { content: "Issue "   counter(issue) " ";   }
 *
 * Header Stuff (ignore, just don't conflict with these classes)
 *   - .head for the header
 *   - .copyright for the copyright
 *
 * Miscellaneous
 *   - .overlarge for things that should be as wide as possible, even if
 *     that overflows the body text area. This can be used on an item or
 *     on its container, depending on the effect desired.
 *     Note that this styling basically doesn't help at all when printing,
 *     since A4 paper isn't much wider than the max-width here.
 *     It's better to design things to fit into a narrower measure if possible.
 *   - js-added ToC jump links (see fixup.js)
 *
 ******************************************************************************/

/******************************************************************************/
/*                                   Body                                     */
/******************************************************************************/

	body {
		counter-reset: example figure issue;

		/* Layout */
		max-width: 50em;               /* limit line length to 50em for readability   */
		margin: 0 auto;                /* center text within page                     */
		padding: 1.6em 1.5em 2em 50px; /* assume 16px font size for downlevel clients */
		padding: 1.6em 1.5em 2em calc(26px + 1.5em); /* leave space for status flag     */

		/* Typography */
		line-height: 1.5;
		font-family: sans-serif;
		widows: 2;
		orphans: 2;
		word-wrap: break-word;
		overflow-wrap: break-word;
		hyphens: auto;

		/* Colors */
		color: black;
		background: white top left fixed no-repeat;
		background-size: 25px auto;
	}


/******************************************************************************/
/*                         Front Matter & Navigation                          */
/******************************************************************************/

/** Header ********************************************************************/

	div.head { margin-bottom: 1em }
	div.head hr { border-style: solid; }

	div.head h1 {
		font-weight: bold;
		margin: 0 0 .1em;
		font-size: 220%;
	}

	div.head h2 { margin-bottom: 1.5em;}

/** W3C Logo ******************************************************************/

	.head .logo {
		float: right;
		margin: 0.4rem 0 0.2rem .4rem;
	}

	.head img[src*="logos/W3C"] {
		display: block;
		border: solid #1a5e9a;
		border-width: .65rem .7rem .6rem;
		border-radius: .4rem;
		background: #1a5e9a;
		color: white;
		font-weight: bold;
	}

	.head a:hover > img[src*="logos/W3C"],
	.head a:focus > img[src*="logos/W3C"] {
		opacity: .8;
	}

	.head a:active > img[src*="logos/W3C"] {
		background: #c00;
		border-color: #c00;
	}

	/* see also additional rules in Link Styling section */

/** Copyright *****************************************************************/

	p.copyright,
	p.copyright small { font-size: small }

/** Back to Top / ToC Toggle **************************************************/

	@media print {
		#toc-nav {
			display: none;
		}
	}
	@media not print {
		#toc-nav {
			position: fixed;
			z-index: 2;
			bottom: 0; left: 0;
			margin: 0;
			min-width: 1.33em;
			border-top-right-radius: 2rem;
			box-shadow: 0 0 2px;
			font-size: 1.5em;
			color: black;
		}
		#toc-nav > a {
			display: block;
			white-space: nowrap;

			height: 1.33em;
			padding: .1em 0.3em;
			margin: 0;

			background: white;
			box-shadow: 0 0 2px;
			border: none;
			border-top-right-radius: 1.33em;
			background: white;
		}
		#toc-nav > #toc-jump {
			padding-bottom: 2em;
			margin-bottom: -1.9em;
		}

		#toc-nav > a:hover,
		#toc-nav > a:focus {
			background: #f8f8f8;
		}
		#toc-nav > a:not(:hover):not(:focus) {
			color: #707070;
		}

		/* statusbar gets in the way on keyboard focus; remove once browsers fix */
		#toc-nav > a[href="#toc"]:not(:hover):focus:last-child {
			padding-bottom: 1.5rem;
		}

		#toc-nav:not(:hover) > a:not(:focus) > span + span {
			/* Ideally this uses :focus-within on #toc-nav */
			display: none;
		}
		#toc-nav > a > span + span {
			padding-right: 0.2em;
		}

		#toc-toggle-inline {
			vertical-align: 0.05em;
			font-size: 80%;
			color: gray;
			color: hsla(203,20%,40%,.7);
			border-style: none;
			background: transparent;
			position: relative;
		}
		#toc-toggle-inline:hover:not(:active),
		#toc-toggle-inline:focus:not(:active) {
			text-shadow: 1px 1px silver;
			top: -1px;
			left: -1px;
		}

		#toc-nav :active {
			color: #C00;
		}
	}

/** ToC Sidebar ***************************************************************/

	/* Floating sidebar */
	@media screen {
		body.toc-sidebar #toc {
			position: fixed;
			top: 0; bottom: 0;
			left: 0;
			width: 23.5em;
			max-width: 80%;
			max-width: calc(100% - 2em - 26px);
			overflow: auto;
			padding: 0 1em;
			padding-left: 42px;
			padding-left: calc(1em + 26px);
			background: inherit;
			background-color: #f7f8f9;
			z-index: 1;
			box-shadow: -.1em 0 .25em rgba(0,0,0,.1) inset;
		}
		body.toc-sidebar #toc h2 {
			margin-top: .8rem;
			font-variant: small-caps;
			font-variant: all-small-caps;
			text-transform: lowercase;
			font-weight: bold;
			color: gray;
			color: hsla(203,20%,40%,.7);
		}
		body.toc-sidebar #toc-jump:not(:focus) {
			width: 0;
			height: 0;
			padding: 0;
			position: absolute;
			overflow: hidden;
		}
	}
	/* Hide main scroller when only the ToC is visible anyway */
	@media screen and (max-width: 28em) {
		body.toc-sidebar {
			overflow: hidden;
		}
	}

	/* Sidebar with its own space */
	@media screen and (min-width: 78em) {
		body:not(.toc-inline) #toc {
			position: fixed;
			top: 0; bottom: 0;
			left: 0;
			width: 23.5em;
			overflow: auto;
			padding: 0 1em;
			padding-left: 42px;
			padding-left: calc(1em + 26px);
			background: inherit;
			background-color: #f7f8f9;
			z-index: 1;
			box-shadow: -.1em 0 .25em rgba(0,0,0,.1) inset;
		}
		body:not(.toc-inline) #toc h2 {
			margin-top: .8rem;
			font-variant: small-caps;
			font-variant: all-small-caps;
			text-transform: lowercase;
			font-weight: bold;
			color: gray;
			color: hsla(203,20%,40%,.7);
		}

		body:not(.toc-inline) {
			padding-left: 29em;
		}
		/* See also Overflow section at the bottom */

		body:not(.toc-inline) #toc-jump:not(:focus) {
			width: 0;
			height: 0;
			padding: 0;
			position: absolute;
			overflow: hidden;
		}
	}
	@media screen and (min-width: 90em) {
		body:not(.toc-inline) {
			margin: 0 4em;
		}
	}

/******************************************************************************/
/*                                Sectioning                                  */
/******************************************************************************/

/** Headings ******************************************************************/

	h1, h2, h3, h4, h5, h6, dt {
		page-break-after: avoid;
		page-break-inside: avoid;
		font: 100% sans-serif;   /* Reset all font styling to clear out UA styles */
		font-family: inherit;    /* Inherit the font family. */
		line-height: 1.2;        /* Keep wrapped headings compact */
		hyphens: manual;         /* Hyphenated headings look weird */
	}

	h2, h3, h4, h5, h6 {
		margin-top: 3rem;
	}

	h1, h2, h3 {
		color: #005A9C;
		background: transparent;
	}

	h1 { font-size: 170%; }
	h2 { font-size: 140%; }
	h3 { font-size: 120%; }
	h4 { font-weight: bold; }
	h5 { font-style: italic; }
	h6 { font-variant: small-caps; }
	dt { font-weight: bold; }

/** Subheadings ***************************************************************/

	h1 + h2,
	#subtitle {
		/* #subtitle is a subtitle in an H2 under the H1 */
		margin-top: 0;
	}
	h2 + h3,
	h3 + h4,
	h4 + h5,
	h5 + h6 {
		margin-top: 1.2em; /* = 1 x line-height */
	}

/** Section divider ***********************************************************/

	:not(.head) > hr {
		font-size: 1.5em;
		text-align: center;
		margin: 1em auto;
		height: auto;
		border: transparent solid 0;
		background: transparent;
	}
	:not(.head) > hr::before {
		content: "\2727\2003\2003\2727\2003\2003\2727";
	}

/******************************************************************************/
/*                            Paragraphs and Lists                            */
/******************************************************************************/

	p {
		margin: 1em 0;
	}

	dd > p:first-child,
	li > p:first-child {
		margin-top: 0;
	}

	ul, ol {
		margin-left: 0;
		padding-left: 2em;
	}

	li {
		margin: 0.25em 0 0.5em;
		padding: 0;
	}

	dl dd {
		margin: 0 0 .5em 2em;
	}

	.head dd + dd { /* compact for header */
		margin-top: -.5em;
	}

	/* Style for algorithms */
	ol.algorithm ol:not(.algorithm),
	.algorithm > ol ol:not(.algorithm) {
	 border-left: 0.5em solid #DEF;
	}

	/* Put nice boxes around each algorithm. */
	[data-algorithm]:not(.heading) {
	  padding: .5em;
	  border: thin solid #ddd; border-radius: .5em;
	  margin: .5em calc(-0.5em - 1px);
	}
	[data-algorithm]:not(.heading) > :first-child {
	  margin-top: 0;
	}
	[data-algorithm]:not(.heading) > :last-child {
	  margin-bottom: 0;
	}

	/* Style for switch/case <dl>s */
	dl.switch > dd > ol.only,
	dl.switch > dd > .only > ol {
	 margin-left: 0;
	}
	dl.switch > dd > ol.algorithm,
	dl.switch > dd > .algorithm > ol {
	 margin-left: -2em;
	}
	dl.switch {
	 padding-left: 2em;
	}
	dl.switch > dt {
	 text-indent: -1.5em;
	 margin-top: 1em;
	}
	dl.switch > dt + dt {
	 margin-top: 0;
	}
	dl.switch > dt::before {
	 content: '\21AA';
	 padding: 0 0.5em 0 0;
	 display: inline-block;
	 width: 1em;
	 text-align: right;
	 line-height: 0.5em;
	}

/** Terminology Markup ********************************************************/


/******************************************************************************/
/*                                 Inline Markup                              */
/******************************************************************************/

/** Terminology Markup ********************************************************/
	dfn   { /* Defining instance */
		font-weight: bolder;
	}
	a > i { /* Instance of term */
		font-style: normal;
	}
	dt dfn code, code.idl {
		font-size: medium;
	}
	dfn var {
		font-style: normal;
	}

/** Change Marking ************************************************************/

	del { color: red;  text-decoration: line-through; }
	ins { color: #080; text-decoration: underline;    }

/** Miscellaneous improvements to inline formatting ***************************/

	sup {
		vertical-align: super;
		font-size: 80%
	}

/******************************************************************************/
/*                                    Code                                    */
/******************************************************************************/

/** General monospace/pre rules ***********************************************/

	pre, code, samp {
		font-family: Menlo, Consolas, "DejaVu Sans Mono", Monaco, monospace;
		font-size: .9em;
		page-break-inside: avoid;
		hyphens: none;
		text-transform: none;
	}
	pre code,
	code code {
		font-size: 100%;
	}

	pre {
		margin-top: 1em;
		margin-bottom: 1em;
		overflow: auto;
	}

/** Inline Code fragments *****************************************************/

  /* Do something nice. */

/******************************************************************************/
/*                                    Links                                   */
/******************************************************************************/

/** General Hyperlinks ********************************************************/

	/* We hyperlink a lot, so make it less intrusive */
	a[href] {
		color: #034575;
		text-decoration: none;
		border-bottom: 1px solid #707070;
		/* Need a bit of extending for it to look okay */
		padding: 0 1px 0;
		margin: 0 -1px 0;
	}
	a:visited {
		border-bottom-color: #BBB;
	}

	/* Use distinguishing colors when user is interacting with the link */
	a[href]:focus,
	a[href]:hover {
		background: #f8f8f8;
		background: rgba(75%, 75%, 75%, .25);
		border-bottom-width: 3px;
		margin-bottom: -2px;
	}
	a[href]:active {
		color: #C00;
		border-color: #C00;
	}

	/* Backout above styling for W3C logo */
	.head .logo,
	.head .logo a {
		border: none;
		text-decoration: none;
		background: transparent;
	}

/******************************************************************************/
/*                                    Images                                  */
/******************************************************************************/

	img {
		border-style: none;
	}

	/* For autogen numbers, add
	   .caption::before, figcaption::before { content: "Figure " counter(figure) ". "; }
	*/

	figure, .figure, .sidefigure {
		page-break-inside: avoid;
		text-align: center;
		margin: 2.5em 0;
	}
	.figure img,    .sidefigure img,    figure img,
	.figure object, .sidefigure object, figure object {
		max-width: 100%;
		margin: auto;
	}
	.figure pre, .sidefigure pre, figure pre {
		text-align: left;
		display: table;
		margin: 1em auto;
	}
	.figure table, figure table {
		margin: auto;
	}
	@media screen and (min-width: 20em) {
		.sidefigure {
			float: right;
			width: 50%;
			margin: 0 0 0.5em 0.5em
		}
	}
	.caption, figcaption, caption {
		font-style: italic;
		font-size: 90%;
	}
	.caption::before, figcaption::before, figcaption > .marker {
		font-weight: bold;
	}
	.caption, figcaption {
		counter-increment: figure;
	}

	/* DL list is indented 2em, but figure inside it is not */
	dd > .figure, dd > figure { margin-left: -2em }

/******************************************************************************/
/*                             Colored Boxes                                  */
/******************************************************************************/

	.issue, .note, .example, .assertion, .advisement, blockquote {
		padding: .5em;
		border: .5em;
		border-left-style: solid;
		page-break-inside: avoid;
	}
	span.issue, span.note {
		padding: .1em .5em .15em;
		border-right-style: solid;
	}

	.issue,
	.note,
	.example,
	.advisement,
	.assertion,
	blockquote {
		margin: 1em auto;
	}
	.note  > p:first-child,
	.issue > p:first-child,
	blockquote > :first-child {
		margin-top: 0;
	}
	blockquote > :last-child {
		margin-bottom: 0;
	}

/** Blockquotes ***************************************************************/

	blockquote {
		border-color: silver;
	}

/** Open issue ****************************************************************/

	.issue {
		border-color: #E05252;
		background: #FBE9E9;
		counter-increment: issue;
		overflow: auto;
	}
	.issue::before, .issue > .marker {
		text-transform: uppercase;
		color: #AE1E1E;
		padding-right: 1em;
		text-transform: uppercase;
	}
	/* Add .issue::before { content: "Issue " counter(issue) " "; } for autogen numbers,
	   or use class="marker" to mark up the issue number in source. */

/** Example *******************************************************************/

	.example {
		border-color: #E0CB52;
		background: #FCFAEE;
		counter-increment: example;
		overflow: auto;
		clear: both;
	}
	.example::before, .example > .marker {
		text-transform: uppercase;
		color: #827017;
		min-width: 7.5em;
		display: block;
	}
	/* Add .example::before { content: "Example " counter(example) " "; } for autogen numbers,
	   or use class="marker" to mark up the example number in source. */

/** Non-normative Note ********************************************************/

	.note {
		border-color: #52E052;
		background: #E9FBE9;
		overflow: auto;
	}

	.note::before, .note > .marker,
	details.note > summary::before,
	details.note > summary > .marker {
		text-transform: uppercase;
		display: block;
		color: hsl(120, 70%, 30%);
	}
	/* Add .note::before { content: "Note"; } for autogen label,
	   or use class="marker" to mark up the label in source. */

	details.note > summary {
		display: block;
		color: hsl(120, 70%, 30%);
	}
	details.note[open] > summary {
		border-bottom: 1px silver solid;
	}

/** Assertion Box *************************************************************/
	/*  for assertions in algorithms */

	.assertion {
		border-color: #AAA;
		background: #EEE;
	}

/** Advisement Box ************************************************************/
	/*  for attention-grabbing normative statements */

	.advisement {
		border-color: orange;
		border-style: none solid;
		background: #FFEECC;
	}
	strong.advisement {
		display: block;
		text-align: center;
	}
	.advisement > .marker {
		color: #B35F00;
	}

/** Spec Obsoletion Notice ****************************************************/
	/* obnoxious obsoletion notice for older/abandoned specs. */

	details {
		display: block;
	}
	summary {
		font-weight: bolder;
	}

	.annoying-warning:not(details),
	details.annoying-warning:not([open]) > summary,
	details.annoying-warning[open] {
		background: #fdd;
		color: red;
		font-weight: bold;
		padding: .75em 1em;
		border: thick red;
		border-style: solid;
		border-radius: 1em;
	}
	.annoying-warning :last-child {
		margin-bottom: 0;
	}

@media not print {
	details.annoying-warning[open] {
		position: fixed;
		left: 1em;
		right: 1em;
		bottom: 1em;
		z-index: 1000;
	}
}

	details.annoying-warning:not([open]) > summary {
		text-align: center;
	}

/** Entity Definition Boxes ***************************************************/

	.def {
		padding: .5em 1em;
		background: #DEF;
		margin: 1.2em 0;
		border-left: 0.5em solid #8CCBF2;
	}

/******************************************************************************/
/*                                    Tables                                  */
/******************************************************************************/

	th, td {
		text-align: left;
		text-align: start;
	}

/** Property/Descriptor Definition Tables *************************************/

	table.def {
		/* inherits .def box styling, see above */
		width: 100%;
		border-spacing: 0;
	}

	table.def td,
	table.def th {
		padding: 0.5em;
		vertical-align: baseline;
		border-bottom: 1px solid #bbd7e9;
	}

	table.def > tbody > tr:last-child th,
	table.def > tbody > tr:last-child td {
		border-bottom: 0;
	}

	table.def th {
		font-style: italic;
		font-weight: normal;
		padding-left: 1em;
		width: 3em;
	}

	/* For when values are extra-complex and need formatting for readability */
	table td.pre {
		white-space: pre-wrap;
	}

	/* A footnote at the bottom of a def table */
	table.def           td.footnote {
		padding-top: 0.6em;
	}
	table.def           td.footnote::before {
		content: " ";
		display: block;
		height: 0.6em;
		width: 4em;
		border-top: thin solid;
	}

/** Data tables (and properly marked-up index tables) *************************/
	/*
		 <table class="data"> highlights structural relationships in a table
		 when correct markup is used (e.g. thead/tbody, th vs. td, scope attribute)

		 Use class="complex data" for particularly complicated tables --
		 (This will draw more lines: busier, but clearer.)

		 Use class="long" on table cells with paragraph-like contents
		 (This will adjust text alignment accordingly.)
		 Alternately use class="longlastcol" on tables, to have the last column assume "long".
	*/

	table {
		word-wrap: normal;
		overflow-wrap: normal;
		hyphens: manual;
	}

	table.data,
	table.index {
		margin: 1em auto;
		border-collapse: collapse;
		border: hidden;
		width: 100%;
	}
	table.data caption,
	table.index caption {
		max-width: 50em;
		margin: 0 auto 1em;
	}

	table.data td,  table.data th,
	table.index td, table.index th {
		padding: 0.5em 1em;
		border-width: 1px;
		border-color: silver;
		border-top-style: solid;
	}

	table.data thead td:empty {
		padding: 0;
		border: 0;
	}

	table.data  thead,
	table.index thead,
	table.data  tbody,
	table.index tbody {
		border-bottom: 2px solid;
	}

	table.data colgroup,
	table.index colgroup {
		border-left: 2px solid;
	}

	table.data  tbody th:first-child,
	table.index tbody th:first-child  {
		border-right: 2px solid;
		border-top: 1px solid silver;
		padding-right: 1em;
	}

	table.data th[colspan],
	table.data td[colspan] {
		text-align: center;
	}

	table.complex.data th,
	table.complex.data td {
		border: 1px solid silver;
		text-align: center;
	}

	table.data.longlastcol td:last-child,
	table.data td.long {
	 vertical-align: baseline;
	 text-align: left;
	}

	table.data img {
		vertical-align: middle;
	}


/*
Alternate table alignment rules

	table.data,
	table.index {
		text-align: center;
	}

	table.data  thead th[scope="row"],
	table.index thead th[scope="row"] {
		text-align: right;
	}

	table.data  tbody th:first-child,
	table.index tbody th:first-child  {
		text-align: right;
	}

Possible extra rowspan handling

	table.data  tbody th[rowspan]:not([rowspan='1']),
	table.index tbody th[rowspan]:not([rowspan='1']),
	table.data  tbody td[rowspan]:not([rowspan='1']),
	table.index tbody td[rowspan]:not([rowspan='1']) {
		border-left: 1px solid silver;
	}

	table.data  tbody th[rowspan]:first-child,
	table.index tbody th[rowspan]:first-child,
	table.data  tbody td[rowspan]:first-child,
	table.index tbody td[rowspan]:first-child{
		border-left: 0;
		border-right: 1px solid silver;
	}
*/

/******************************************************************************/
/*                                  Indices                                   */
/******************************************************************************/


/** Table of Contents *********************************************************/

	.toc a {
		/* More spacing; use padding to make it part of the click target. */
		padding-top: 0.1rem;
		/* Larger, more consistently-sized click target */
		display: block;
		/* Reverse color scheme */
		color: black;
		border-color: #3980B5;
		border-bottom-width: 3px !important;
		margin-bottom: 0px !important;
	}
	.toc a:visited {
		border-color: #054572;
	}
	.toc a:not(:focus):not(:hover) {
		/* Allow colors to cascade through from link styling */
		border-bottom-color: transparent;
	}

	.toc, .toc ol, .toc ul, .toc li {
		list-style: none; /* Numbers must be inlined into source */
		/* because generated content isn't search/selectable and markers can't do multilevel yet */
		margin:  0;
		padding: 0;
		line-height: 1.1rem; /* consistent spacing */
	}

	/* ToC not indented until third level, but font style & margins show hierarchy */
	.toc > li             { font-weight: bold;   }
	.toc > li li          { font-weight: normal; }
	.toc > li li li       { font-size:   95%;    }
	.toc > li li li li    { font-size:   90%;    }
	.toc > li li li li .secno { font-size: 85%; }
	.toc > li li li li li { font-size:   85%;    }
	.toc > li li li li li .secno { font-size: 100%; }

	/* @supports not (display:grid) { */
		.toc > li             { margin: 1.5rem 0;    }
		.toc > li li          { margin: 0.3rem 0;    }
		.toc > li li li       { margin-left: 2rem;   }

		/* Section numbers in a column of their own */
		.toc .secno {
			float: left;
			width: 4rem;
			white-space: nowrap;
		}

		.toc li {
			clear: both;
		}

		:not(li) > .toc              { margin-left:  5rem; }
		.toc .secno                  { margin-left: -5rem; }
		.toc > li li li .secno       { margin-left: -7rem; }
		.toc > li li li li .secno    { margin-left: -9rem; }
		.toc > li li li li li .secno { margin-left: -11rem; }

		/* Tighten up indentation in narrow ToCs */
		@media (max-width: 30em) {
			:not(li) > .toc              { margin-left:  4rem; }
			.toc .secno                  { margin-left: -4rem; }
			.toc > li li li              { margin-left:  1rem; }
			.toc > li li li .secno       { margin-left: -5rem; }
			.toc > li li li li .secno    { margin-left: -6rem; }
			.toc > li li li li li .secno { margin-left: -7rem; }
		}
	/* } */

	@supports (display:grid) and (display:contents) {
		/* Use #toc over .toc to override non-@supports rules. */
		#toc {
			display: grid;
			align-content: start;
			grid-template-columns: auto 1fr;
			grid-column-gap: 1rem;
			column-gap: 1rem;
			grid-row-gap: .6rem;
			row-gap: .6rem;
		}
		#toc h2 {
			grid-column: 1 / -1;
			margin-bottom: 0;
		}
		#toc ol,
		#toc li,
		#toc a {
			display: contents;
			/* Switch <a> to subgrid when supported */
		}
		#toc span {
			margin: 0;
		}
		#toc > .toc > li > a > span {
			/* The spans of the top-level list,
			   comprising the first items of each top-level section. */
			margin-top: 1.1rem;
		}
		#toc#toc .secno { /* Ugh, need more specificity to override base.css */
			grid-column: 1;
			width: auto;
			margin-left: 0;
		}
		#toc .content {
			grid-column: 2;
			width: auto;
			margin-right: 1rem;
		}
		#toc .content:hover {
			background: rgba(75%, 75%, 75%, .25);
			border-bottom: 3px solid #054572;
			margin-bottom: -3px;
		}
		#toc li li li .content {
			margin-left: 1rem;
		}
		#toc li li li li .content {
			margin-left: 2rem;
		}
	}


/** Index *********************************************************************/

	/* Index Lists: Layout */
	ul.index       { margin-left: 0; columns: 15em; text-indent: 1em hanging; }
	ul.index li    { margin-left: 0; list-style: none; break-inside: avoid; }
	ul.index li li { margin-left: 1em }
	ul.index dl    { margin-top: 0; }
	ul.index dt    { margin: .2em 0 .2em 20px;}
	ul.index dd    { margin: .2em 0 .2em 40px;}
	/* Index Lists: Typography */
	ul.index ul,
	ul.index dl { font-size: smaller; }
	@media not print {
		ul.index li span {
			white-space: nowrap;
			color: transparent; }
		ul.index li a:hover + span,
		ul.index li a:focus + span {
			color: #707070;
		}
	}

/** Index Tables *****************************************************/
	/* See also the data table styling section, which this effectively subclasses */

	table.index {
		font-size: small;
		border-collapse: collapse;
		border-spacing: 0;
		text-align: left;
		margin: 1em 0;
	}

	table.index td,
	table.index th {
		padding: 0.4em;
	}

	table.index tr:hover td:not([rowspan]),
	table.index tr:hover th:not([rowspan]) {
		background: #f7f8f9;
	}

	/* The link in the first column in the property table (formerly a TD) */
	table.index th:first-child a {
		font-weight: bold;
	}

/******************************************************************************/
/*                                    Print                                   */
/******************************************************************************/

	@media print {
		/* Pages have their own margins. */
		html {
			margin: 0;
		}
		/* Serif for print. */
		body {
			font-family: serif;
		}
	}
	@page {
		margin: 1.5cm 1.1cm;
	}

/******************************************************************************/
/*                                    Legacy                                  */
/******************************************************************************/

	/* This rule is inherited from past style sheets. No idea what it's for. */
	.hide { display: none }



/******************************************************************************/
/*                             Overflow Control                               */
/******************************************************************************/

	.figure .caption, .sidefigure .caption, figcaption {
		/* in case figure is overlarge, limit caption to 50em */
		max-width: 50rem;
		margin-left: auto;
		margin-right: auto;
	}
	.overlarge {
		/* Magic to create good table positioning:
		   "content column" is 50ems wide at max; less on smaller screens.
		   Extra space (after ToC + content) is empty on the right.

		   1. When table < content column, centers table in column.
		   2. When content < table < available, left-aligns.
		   3. When table > available, fills available + scroll bar.
		*/ 
		display: grid;
		grid-template-columns: minmax(0, 50em);
	}
	.overlarge > table {
		/* limit preferred width of table */
		max-width: 50em;
		margin-left: auto;
		margin-right: auto;
	}

	@media (min-width: 55em) {
		.overlarge {
			margin-right: calc(13px + 26.5rem - 50vw);
			max-width: none;
		}
	}
	@media screen and (min-width: 78em) {
		body:not(.toc-inline) .overlarge {
			/* 30.5em body padding 50em content area */
			margin-right: calc(40em - 50vw) !important;
		}
	}
	@media screen and (min-width: 90em) {
		body:not(.toc-inline) .overlarge {
			/* 4em html margin 30.5em body padding 50em content area */
			margin-right: calc(84.5em - 100vw) !important;
		}
	}

	@media not print {
		.overlarge {
			overflow-x: auto;
			/* See Lea Verou's explanation background-attachment:
			 * http://lea.verou.me/2012/04/background-attachment-local/
			 *
			background: top left  / 4em 100% linear-gradient(to right,  #ffffff, rgba(255, 255, 255, 0)) local,
			            top right / 4em 100% linear-gradient(to left, #ffffff, rgba(255, 255, 255, 0)) local,
			            top left  / 1em 100% linear-gradient(to right,  #c3c3c5, rgba(195, 195, 197, 0)) scroll,
			            top right / 1em 100% linear-gradient(to left, #c3c3c5, rgba(195, 195, 197, 0)) scroll,
			            white;
			background-repeat: no-repeat;
			*/
		}
	}
</style>
  <link href="https://w3c.github.io/webappsec-trusted-types/dist/spec/" rel="canonical">
<style>/* style-md-lists */

/* This is a weird hack for me not yet following the commonmark spec
   regarding paragraph and lists. */
[data-md] > :first-child {
    margin-top: 0;
}
[data-md] > :last-child {
    margin-bottom: 0;
}</style>
<style>/* style-selflinks */

.heading, .issue, .note, .example, li, dt {
    position: relative;
}
a.self-link {
    position: absolute;
    top: 0;
    left: calc(-1 * (3.5rem - 26px));
    width: calc(3.5rem - 26px);
    height: 2em;
    text-align: center;
    border: none;
    transition: opacity .2s;
    opacity: .5;
}
a.self-link:hover {
    opacity: 1;
}
.heading > a.self-link {
    font-size: 83%;
}
li > a.self-link {
    left: calc(-1 * (3.5rem - 26px) - 2em);
}
dfn > a.self-link {
    top: auto;
    left: auto;
    opacity: 0;
    width: 1.5em;
    height: 1.5em;
    background: gray;
    color: white;
    font-style: normal;
    transition: opacity .2s, background-color .2s, color .2s;
}
dfn:hover > a.self-link {
    opacity: 1;
}
dfn > a.self-link:hover {
    color: black;
}

a.self-link::before            { content: "¶"; }
.heading > a.self-link::before { content: "§"; }
dfn > a.self-link::before      { content: "#"; }</style>
<style>/* style-counters */

body {
    counter-reset: example figure issue;
}
.issue {
    counter-increment: issue;
}
.issue:not(.no-marker)::before {
    content: "Issue " counter(issue);
}

.example {
    counter-increment: example;
}
.example:not(.no-marker)::before {
    content: "Example " counter(example);
}
.invalid.example:not(.no-marker)::before,
.illegal.example:not(.no-marker)::before {
    content: "Invalid Example" counter(example);
}

figcaption {
    counter-increment: figure;
}
figcaption:not(.no-marker)::before {
    content: "Figure " counter(figure) " ";
}</style>
<style>/* style-autolinks */

.css.css, .property.property, .descriptor.descriptor {
    color: #005a9c;
    font-size: inherit;
    font-family: inherit;
}
.css::before, .property::before, .descriptor::before {
    content: "‘";
}
.css::after, .property::after, .descriptor::after {
    content: "’";
}
.property, .descriptor {
    /* Don't wrap property and descriptor names */
    white-space: nowrap;
}
.type { /* CSS value <type> */
    font-style: italic;
}
pre .property::before, pre .property::after {
    content: "";
}
[data-link-type="property"]::before,
[data-link-type="propdesc"]::before,
[data-link-type="descriptor"]::before,
[data-link-type="value"]::before,
[data-link-type="function"]::before,
[data-link-type="at-rule"]::before,
[data-link-type="selector"]::before,
[data-link-type="maybe"]::before {
    content: "‘";
}
[data-link-type="property"]::after,
[data-link-type="propdesc"]::after,
[data-link-type="descriptor"]::after,
[data-link-type="value"]::after,
[data-link-type="function"]::after,
[data-link-type="at-rule"]::after,
[data-link-type="selector"]::after,
[data-link-type="maybe"]::after {
    content: "’";
}

[data-link-type].production::before,
[data-link-type].production::after,
.prod [data-link-type]::before,
.prod [data-link-type]::after {
    content: "";
}

[data-link-type=element],
[data-link-type=element-attr] {
    font-family: Menlo, Consolas, "DejaVu Sans Mono", monospace;
    font-size: .9em;
}
[data-link-type=element]::before { content: "<" }
[data-link-type=element]::after  { content: ">" }

[data-link-type=biblio] {
    white-space: pre;
}</style>
<style>/* style-dfn-panel */

.dfn-panel {
    position: absolute;
    z-index: 35;
    height: auto;
    width: -webkit-fit-content;
    width: fit-content;
    max-width: 300px;
    max-height: 500px;
    overflow: auto;
    padding: 0.5em 0.75em;
    font: small Helvetica Neue, sans-serif, Droid Sans Fallback;
    background: #DDDDDD;
    color: black;
    border: outset 0.2em;
}
.dfn-panel:not(.on) { display: none; }
.dfn-panel * { margin: 0; padding: 0; text-indent: 0; }
.dfn-panel > b { display: block; }
.dfn-panel a { color: black; }
.dfn-panel a:not(:hover) { text-decoration: none !important; border-bottom: none !important; }
.dfn-panel > b + b { margin-top: 0.25em; }
.dfn-panel ul { padding: 0; }
.dfn-panel li { list-style: inside; }
.dfn-panel.activated {
    display: inline-block;
    position: fixed;
    left: .5em;
    bottom: 2em;
    margin: 0 auto;
    max-width: calc(100vw - 1.5em - .4em - .5em);
    max-height: 30vh;
}

.dfn-paneled { cursor: pointer; }
</style>
<style>/* style-syntax-highlighting */
pre.idl.highlight { color: #708090; }
.highlight:not(.idl) { background: hsl(24, 20%, 95%); }
code.highlight { padding: .1em; border-radius: .3em; }
pre.highlight, pre > code.highlight { display: block; padding: 1em; margin: .5em 0; overflow: auto; border-radius: 0; }
c-[a] { color: #990055 } /* Keyword.Declaration */
c-[b] { color: #990055 } /* Keyword.Type */
c-[c] { color: #708090 } /* Comment */
c-[d] { color: #708090 } /* Comment.Multiline */
c-[e] { color: #0077aa } /* Name.Attribute */
c-[f] { color: #669900 } /* Name.Tag */
c-[g] { color: #222222 } /* Name.Variable */
c-[k] { color: #990055 } /* Keyword */
c-[l] { color: #000000 } /* Literal */
c-[m] { color: #000000 } /* Literal.Number */
c-[n] { color: #0077aa } /* Name */
c-[o] { color: #999999 } /* Operator */
c-[p] { color: #999999 } /* Punctuation */
c-[s] { color: #a67f59 } /* Literal.String */
c-[t] { color: #a67f59 } /* Literal.String.Single */
c-[u] { color: #a67f59 } /* Literal.String.Double */
c-[cp] { color: #708090 } /* Comment.Preproc */
c-[c1] { color: #708090 } /* Comment.Single */
c-[cs] { color: #708090 } /* Comment.Special */
c-[kc] { color: #990055 } /* Keyword.Constant */
c-[kn] { color: #990055 } /* Keyword.Namespace */
c-[kp] { color: #990055 } /* Keyword.Pseudo */
c-[kr] { color: #990055 } /* Keyword.Reserved */
c-[ld] { color: #000000 } /* Literal.Date */
c-[nc] { color: #0077aa } /* Name.Class */
c-[no] { color: #0077aa } /* Name.Constant */
c-[nd] { color: #0077aa } /* Name.Decorator */
c-[ni] { color: #0077aa } /* Name.Entity */
c-[ne] { color: #0077aa } /* Name.Exception */
c-[nf] { color: #0077aa } /* Name.Function */
c-[nl] { color: #0077aa } /* Name.Label */
c-[nn] { color: #0077aa } /* Name.Namespace */
c-[py] { color: #0077aa } /* Name.Property */
c-[ow] { color: #999999 } /* Operator.Word */
c-[mb] { color: #000000 } /* Literal.Number.Bin */
c-[mf] { color: #000000 } /* Literal.Number.Float */
c-[mh] { color: #000000 } /* Literal.Number.Hex */
c-[mi] { color: #000000 } /* Literal.Number.Integer */
c-[mo] { color: #000000 } /* Literal.Number.Oct */
c-[sb] { color: #a67f59 } /* Literal.String.Backtick */
c-[sc] { color: #a67f59 } /* Literal.String.Char */
c-[sd] { color: #a67f59 } /* Literal.String.Doc */
c-[se] { color: #a67f59 } /* Literal.String.Escape */
c-[sh] { color: #a67f59 } /* Literal.String.Heredoc */
c-[si] { color: #a67f59 } /* Literal.String.Interpol */
c-[sx] { color: #a67f59 } /* Literal.String.Other */
c-[sr] { color: #a67f59 } /* Literal.String.Regex */
c-[ss] { color: #a67f59 } /* Literal.String.Symbol */
c-[vc] { color: #0077aa } /* Name.Variable.Class */
c-[vg] { color: #0077aa } /* Name.Variable.Global */
c-[vi] { color: #0077aa } /* Name.Variable.Instance */
c-[il] { color: #000000 } /* Literal.Number.Integer.Long */
</style>
 <body class="h-entry">
  <div class="head">
   <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
   <h1 class="p-name no-ref" id="title">Trusted Types</h1>
   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="1970-01-01">1 January 1970</time></span></h2>
   <div data-fill-with="spec-metadata">
    <dl>
     <dt>This version:
     <dd><a class="u-url" href="https://w3c.github.io/webappsec-trusted-types/dist/spec/">https://w3c.github.io/webappsec-trusted-types/dist/spec/</a>
     <dt>Feedback:
     <dd><span><a href="mailto:public-webappsec@w3.org?subject=%5Btrusted-types%5D%20YOUR%20TOPIC%20HERE">public-webappsec@w3.org</a> with subject line “<kbd>[trusted-types] <i data-lt>… message topic …</i></kbd>” (<a href="https://lists.w3.org/Archives/Public/public-webappsec/" rel="discussion">archives</a>)</span>
     <dt class="editor">Editors:
     <dd class="editor p-author h-card vcard"><a class="p-name fn u-email email" href="mailto:koto@google.com">Krzysztof Kotowicz</a> (<a class="p-org org" href="https://google.com">Google LLC</a>)
     <dd class="editor p-author h-card vcard"><a class="p-name fn u-email email" href="mailto:mkwst@google.com">Mike West</a> (<a class="p-org org" href="https://google.com">Google LLC</a>)
    </dl>
   </div>
   <div data-fill-with="warning"></div>
   <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 1970 <a href="https://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="https://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="https://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="https://www.keio.ac.jp/">Keio</a>, <a href="https://ev.buaa.edu.cn/">Beihang</a>). W3C <a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply. </p>
   <hr title="Separator for header">
  </div>
  <div class="p-summary" data-fill-with="abstract">
   <h2 class="no-num no-toc no-ref heading settled" id="abstract"><span class="content">Abstract</span></h2>
   <p>An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.</p>
  </div>
  <h2 class="no-num no-toc no-ref heading settled" id="status"><span class="content">Status of this document</span></h2>
  <div data-fill-with="status">
   <p> This is a public copy of the editors’ draft.
	It is provided for discussion only and may change at any moment.
	Its publication here does not imply endorsement of its contents by W3C.
	Don’t cite this document other than as work in progress. </p>
   <p> <strong>Changes to this document may be tracked at <a href="https://github.com/w3c/webappsec">https://github.com/w3c/webappsec</a>.</strong> </p>
   <p> The (<a href="https://lists.w3.org/Archives/Public/public-webappsec/">archived</a>) public mailing list <a href="mailto:public-webappsec@w3.org?Subject=%5Btrusted-types%5D%20PUT%20SUBJECT%20HERE">public-webappsec@w3.org</a> (see <a href="https://www.w3.org/Mail/Request">instructions</a>)
	is preferred for discussion of this specification.
	When sending e-mail,
	please put the text “trusted-types” in the subject,
	preferably like this:
	“[trusted-types] <em>…summary of comment…</em>” </p>
   <p> This document was produced by the <a href="https://www.w3.org/2011/webappsec/">Web Application Security Working Group</a>. </p>
   <p> This document was produced by a group operating under
	the <a href="https://www.w3.org/Consortium/Patent-Policy/">W3C Patent Policy</a>.
	W3C maintains a <a href="https://www.w3.org/2004/01/pp-impl/49309/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group;
	that page also includes instructions for disclosing a patent.
	An individual who has actual knowledge of a patent which the individual believes contains <a href="https://www.w3.org/Consortium/Patent-Policy/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="https://www.w3.org/Consortium/Patent-Policy/#sec-Disclosure">section 6 of the W3C Patent Policy</a>. </p>
   <p> This document is governed by the <a href="https://www.w3.org/2019/Process-20190301/" id="w3c_process_revision">1 March 2019 W3C Process Document</a>. </p>
   <p></p>
  </div>
  <div data-fill-with="at-risk"></div>
  <nav data-fill-with="table-of-contents" id="toc">
   <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
   <ol class="toc" role="directory">
    <li>
     <a href="#introduction"><span class="secno">1</span> <span class="content">Introduction</span></a>
     <ol class="toc">
      <li><a href="#goals"><span class="secno">1.1</span> <span class="content">Goals</span></a>
      <li><a href="#non-goals"><span class="secno">1.2</span> <span class="content">Non-goals</span></a>
      <li><a href="#use-cases"><span class="secno">1.3</span> <span class="content">Use cases</span></a>
     </ol>
    <li>
     <a href="#framework"><span class="secno">2</span> <span class="content">Framework</span></a>
     <ol class="toc">
      <li>
       <a href="#injection-sinks"><span class="secno">2.1</span> <span class="content">Injection sinks</span></a>
       <ol class="toc">
        <li><a href="#html-injection-sinks"><span class="secno">2.1.1</span> <span class="content">HTML injection sinks</span></a>
        <li><a href="#dom-xss-injection-sinks"><span class="secno">2.1.2</span> <span class="content">DOM XSS injection sinks</span></a>
       </ol>
      <li>
       <a href="#trusted-types"><span class="secno">2.2</span> <span class="content">Trusted Types</span></a>
       <ol class="toc">
        <li><a href="#trusted-html"><span class="secno">2.2.1</span> <span class="content"><span>TrustedHTML</span></span></a>
        <li><a href="#trusted-script"><span class="secno">2.2.2</span> <span class="content"><span>TrustedScript</span></span></a>
        <li><a href="#trused-script-url"><span class="secno">2.2.3</span> <span class="content"><span>TrustedScriptURL</span></span></a>
       </ol>
      <li>
       <a href="#policies-hdr"><span class="secno">2.3</span> <span class="content"><span>Policies</span></span></a>
       <ol class="toc">
        <li><a href="#trusted-type-policy-factory"><span class="secno">2.3.1</span> <span class="content"><span>TrustedTypePolicyFactory</span></span></a>
        <li><a href="#trusted-type-policy"><span class="secno">2.3.2</span> <span class="content"><span>TrustedTypePolicy</span></span></a>
        <li><a href="#trusted-type-policy-options"><span class="secno">2.3.3</span> <span class="content"><span>TrustedTypePolicyOptions</span></span></a>
        <li><a href="#default-policy-hdr"><span class="secno">2.3.4</span> <span class="content"><span>Default policy</span></span></a>
       </ol>
      <li>
       <a href="#enforcement-hdr"><span class="secno">2.4</span> <span class="content"><span>Enforcement</span></span></a>
       <ol class="toc">
        <li><a href="#content-security-policy-hdr"><span class="secno">2.4.1</span> <span class="content">Content Security Policy</span></a>
        <li><a href="#!trustedtypes-extended-attribute"><span class="secno">2.4.2</span> <span class="content">TrustedTypes extended attribute</span></a>
       </ol>
     </ol>
    <li>
     <a href="#algorithms"><span class="secno">3</span> <span class="content">Algorithms</span></a>
     <ol class="toc">
      <li><a href="#create-trusted-type-policy-algorithm"><span class="secno">3.1</span> <span class="content"><span>Create a Trusted Type Policy</span></span></a>
      <li><a href="#create-a-trusted-type-algorithm"><span class="secno">3.2</span> <span class="content"><span>Create a Trusted Type</span></span></a>
      <li><a href="#get-trusted-type-compliant-string-algorithm"><span class="secno">3.3</span> <span class="content"><span>Get Trusted Type compliant string</span></span></a>
      <li><a href="#process-value-with-a-default-policy-algorithm"><span class="secno">3.4</span> <span class="content"><span>Process value with a default policy</span></span></a>
      <li><a href="#prepare-script-url-and-text"><span class="secno">3.5</span> <span class="content"><span>Prepare the script URL and text</span></span></a>
     </ol>
    <li>
     <a href="#integrations"><span class="secno">4</span> <span class="content">Integrations</span></a>
     <ol class="toc">
      <li>
       <a href="#integration-with-html"><span class="secno">4.1</span> <span class="content">Integration with HTML</span></a>
       <ol class="toc">
        <li><a href="#extensions-to-the-window-interface"><span class="secno">4.1.1</span> <span class="content">Extensions to the Window interface</span></a>
        <li><a href="#extensions-to-the-document-interface"><span class="secno">4.1.2</span> <span class="content">Extensions to the Document interface</span></a>
        <li>
         <a href="#enfocement-in-scripts"><span class="secno">4.1.3</span> <span class="content">Enforcement for scripts</span></a>
         <ol class="toc">
          <li><a href="#slots-with-trusted-values"><span class="secno">4.1.3.1</span> <span class="content">Slots with trusted values</span></a>
          <li><a href="#setting-slot-values"><span class="secno">4.1.3.2</span> <span class="content">Setting slot values</span></a>
          <li><a href="#slot-value-verification"><span class="secno">4.1.3.3</span> <span class="content">Slot value verification</span></a>
         </ol>
        <li><a href="#enforcement-in-sinks"><span class="secno">4.1.4</span> <span class="content">Enforcement in element attributes</span></a>
        <li><a href="#enforcement-in-timer-functions"><span class="secno">4.1.5</span> <span class="content">Enforcement in timer functions</span></a>
        <li><a href="#enforcement-in-event-handler-content-attributes"><span class="secno">4.1.6</span> <span class="content">Enforcement in event handler content attributes</span></a>
       </ol>
      <li><a href="#integration-with-svg"><span class="secno">4.2</span> <span class="content">Integration with SVG</span></a>
      <li><a href="#integration-with-dom"><span class="secno">4.3</span> <span class="content">Integration with DOM</span></a>
      <li><a href="#integration-with-dom-parsing"><span class="secno">4.4</span> <span class="content">Integration with DOM Parsing</span></a>
      <li>
       <a href="#integration-with-content-security-policy"><span class="secno">4.5</span> <span class="content">Integration with Content Security Policy</span></a>
       <ol class="toc">
        <li>
         <a href="#require-trusted-types-for-csp-directive"><span class="secno">4.5.1</span> <span class="content"><span>require-trusted-types-for</span> directive</span></a>
         <ol class="toc">
          <li><a href="#require-trusted-types-for-pre-navigation-check"><span class="secno">4.5.1.1</span> <span class="content"><code>require-trusted-types-for</code> Pre-Navigation check</span></a>
         </ol>
        <li><a href="#trusted-types-csp-directive"><span class="secno">4.5.2</span> <span class="content"><span>trusted-types</span> directive</span></a>
        <li><a href="#should-block-sink-type-mismatch"><span class="secno">4.5.3</span> <span class="content"><span>Should sink type mismatch violation be blocked by Content Security Policy?</span></span></a>
        <li><a href="#should-block-create-policy"><span class="secno">4.5.4</span> <span class="content"><span>Should Trusted Type policy creation be blocked by Content Security Policy?</span></span></a>
        <li><a href="#csp-violation-object-hdr"><span class="secno">4.5.5</span> <span class="content">Violation object changes</span></a>
        <li><a href="#csp-eval"><span class="secno">4.5.6</span> <span class="content">Support for eval(TrustedScript)</span></a>
       </ol>
     </ol>
    <li>
     <a href="#security-considerations"><span class="secno">5</span> <span class="content">Security Considerations</span></a>
     <ol class="toc">
      <li><a href="#cross-document-vectors"><span class="secno">5.1</span> <span class="content">Cross-document vectors</span></a>
      <li><a href="#deprecated-features"><span class="secno">5.2</span> <span class="content">Deprecated features</span></a>
      <li><a href="#best-practices-for-policy-design"><span class="secno">5.3</span> <span class="content">Best practices for policy design</span></a>
     </ol>
    <li>
     <a href="#implementation-considerations"><span class="secno">6</span> <span class="content">Implementation Considerations</span></a>
     <ol class="toc">
      <li><a href="#vendor-specific-extensions-and-addons"><span class="secno">6.1</span> <span class="content">Vendor-specific Extensions and Addons</span></a>
     </ol>
    <li>
     <a href="#conformance"><span class="secno"></span> <span class="content">Conformance</span></a>
     <ol class="toc">
      <li><a href="#conventions"><span class="secno"></span> <span class="content">Document conventions</span></a>
      <li><a href="#conformant-algorithms"><span class="secno"></span> <span class="content">Conformant Algorithms</span></a>
     </ol>
    <li>
     <a href="#index"><span class="secno"></span> <span class="content">Index</span></a>
     <ol class="toc">
      <li><a href="#index-defined-here"><span class="secno"></span> <span class="content">Terms defined by this specification</span></a>
      <li><a href="#index-defined-elsewhere"><span class="secno"></span> <span class="content">Terms defined by reference</span></a>
     </ol>
    <li>
     <a href="#references"><span class="secno"></span> <span class="content">References</span></a>
     <ol class="toc">
      <li><a href="#normative"><span class="secno"></span> <span class="content">Normative References</span></a>
      <li><a href="#informative"><span class="secno"></span> <span class="content">Informative References</span></a>
     </ol>
    <li><a href="#idl-index"><span class="secno"></span> <span class="content">IDL Index</span></a>
    <li><a href="#issues-index"><span class="secno"></span> <span class="content">Issues Index</span></a>
   </ol>
  </nav>
  <main>
   <h2 class="heading settled" data-level="1" id="introduction"><span class="secno">1. </span><span class="content">Introduction</span><a class="self-link" href="#introduction"></a></h2>
   <p><em>This section is not normative.</em></p>
   <p>Certain classes of vulnerabilities occur when a web application
takes a value from an attacker-controlled source (e.g. the
document URL parameter, or postMessage channel) and passes that value,
without appropriate sanitization to one of the <a href="#injection-sinks">injection sinks</a> - various Web API functions with
powerful capabilities.</p>
   <p>These types of issues are traditionally difficult to prevent.
Applications commonly call those injection sinks with attacker-controlled
values without authors realizing it, since it’s not clear if the
input was attacker-controlled when invoking the injection sink.
Due to the dynamic nature of JavaScript it’s also difficult to ascertain
that such pattern is not present in a given program. It is often missed
during manual code reviews, and automated code analysis. As an example,
if <code>aString</code> contains untrusted data, <code>foo[bar] = aString</code> is a statement
that potentially can trigger a vulnerability, depending on a value
of <code>foo</code> and <code>bar</code>.</p>
   <p>This document focuses on prevening DOM-Based Cross-Site Scripting
that occurs when attacker-controlled data reaches <a href="#dom-xss-injection-sinks">§ 2.1.2 DOM XSS injection sinks</a>, as that eventually causes execution of the
script payload controlled by the attacker. DOM XSS is prevalent in the
web applications as there are over 60 different
injection sinks (e.g. <code>Element.innerHTML</code>, or <code>Location.href</code> setters).</p>
   <p>This document defines <a href="#trusted-types">Trusted Types</a> - an API that allows applications
to lock down <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink">injection sinks</a> to only accept non-spoofable, typed values
in place of strings. These values can in turn only be created from
application-defined <a data-link-type="dfn" href="#policies" id="ref-for-policies">policies</a>, allowing the authors to define rules
guarding dangerous APIs, reducing the attack surface to small, isolated parts
of the web application codebase, which are substantially easier to safeguard,
monitor and review.</p>
   <h3 class="heading settled" data-level="1.1" id="goals"><span class="secno">1.1. </span><span class="content">Goals</span><a class="self-link" href="#goals"></a></h3>
   <ul>
    <li data-md>
     <p>Minimize the likelihood of client-side vulnerabilities that occur when
calling powerful Web APIs with untrusted data - for example,
minimize the likelihood of DOM XSS.</p>
    <li data-md>
     <p>Encourage a design in which security decisions are
encapsulated within a small part of the application.</p>
    <li data-md>
     <p>Reduce security review surface for complex web application
codebases.</p>
    <li data-md>
     <p>Allow the detection of vulnerabilities similar to how regular
programming errors are detected and surfaced to the developers, with the
assist of dynamic and static analysis tools.</p>
   </ul>
   <h3 class="heading settled" data-level="1.2" id="non-goals"><span class="secno">1.2. </span><span class="content">Non-goals</span><a class="self-link" href="#non-goals"></a></h3>
   <ul>
    <li data-md>
     <p>Prevent, or mitigate the result of injections into server-side generated
markup, in specific reflections into the body of the scripts running in a
document. To address server-side XSS vectors, we recommend existing
solutions like templating systems or <a data-link-type="biblio" href="#biblio-csp3">CSP</a> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#script-src" id="ref-for-script-src">script-src</a>.</p>
    <li data-md>
     <p>Address resource confinement, e.g. to prevent data exfiltration, or
connecting to external sources via <a data-link-type="biblio" href="#biblio-fetch">[Fetch]</a>.</p>
    <li data-md>
     <p>Control subresource loading. Trusted Types aim to allow the authors to
control loading resources that can script the current document, but not
other subresources.</p>
    <li data-md>
     <p>Prevent <em>cross-origin</em> JavaScript execution (for example, Trusted Types
don’t guard loading new documents with JavaScript code via <code>data:</code> URLs).</p>
    <li data-md>
     <p>Prevent malicious authors of the web application’s JavaScript code
from being able to bypass the restrictions; attempting to protect against
malicious authors would result in an overtly complex and not-practical
design.</p>
   </ul>
   <h3 class="heading settled" data-level="1.3" id="use-cases"><span class="secno">1.3. </span><span class="content">Use cases</span><a class="self-link" href="#use-cases"></a></h3>
   <ul>
    <li data-md>
     <p>An author maintains a complex web application written in a framework
that uses a secure templating system to generate the UI
components. The application also depends on 3rd party client-side
libraries that perform auxiliary tasks (e.g. analytics, performance
monitoring). To ensure that none of these components introduce DOM
XSS vulnerabilities, author defines a Trusted Type policy in the
templating library and enables the enforcement for the <a data-link-type="dfn">DOM XSS injection sinks</a>.</p>
    <li data-md>
     <p>An existing web application interacts with the DOM mostly using XSS-safe
patterns (i.e. withour using <a data-link-type="dfn">DOM XSS injection sinks</a>). In a few places,
however, it resorts to using risky patterns like loading additional script using
JSONP, calling into <code>innerHTML</code> or <code>eval</code>.</p>
     <p>Review finds that those places do not cause XSS (e.g. because
user-controlled data is not part of the input to those sinks), but it’s
hard to migrate the application off using these patterns.</p>
     <p>As such, CSP cannot be enforced on this application (without resorting to
an unsafe version using <code>'unsafe-eval' 'unsafe-inline'</code>). Additionally,
it’s possible some codebase with DOM XSS flaws was not included in a review,
or will be introduced in the future.</p>
     <p>To address this risk, the author converts the reviewed parts to using
Trusted Types, and enables Trusted Type <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement">enforcement</a>. Addditional places
using the injection sinks, should they exist in the future, are correctly
blocked and reported.</p>
    <li data-md>
     <p>A security team is tasked with assuring that the client-side heavy
application code does not contain XSS vulnerabilities. Since the server side
code is homogeneous (it’s moslty an API backend), and the application
enforces Trusted Types, the review only focuses on the Trusted Type <a data-link-type="dfn" href="#policies" id="ref-for-policies①">policies</a> and their rules. Later on the reviewed policy names are
allowed in the 'trusted-types' CSP directive, safe for the developers to
use.</p>
     <p>Any additonal code, including the code of often-changing dependencies,
can be excluded from the review, unless it creates a Trusted Type policy.
Without it, the code cannot cause a DOM XSS.</p>
   </ul>
   <h2 class="heading settled" data-level="2" id="framework"><span class="secno">2. </span><span class="content">Framework</span><a class="self-link" href="#framework"></a></h2>
   <h3 class="heading settled" data-level="2.1" id="injection-sinks"><span class="secno">2.1. </span><span class="content">Injection sinks</span><a class="self-link" href="#injection-sinks"></a></h3>
   <p><em>This section is not normative.</em></p>
   <p>An <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="injection-sink">injection sink</dfn> is a powerful Web API function that should only
be called with trusted, validated or appropriately sanitized input.
Calling the injection sink with attacker-controlled (i.e. injected) inputs
has undesired consequences and is considered a security vulnerability.</p>
   <p class="note" role="note"><span>Note:</span> The exact list of injection sinks covered by this document is defined in <a href="#integrations">§ 4 Integrations</a>.</p>
   <p>It’s difficult to determine if a given application contains such a
vulnerability (e.g. if it is vulnerable to DOM XSS) only by analyzing
the invocations of <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①">injection sinks</a>, as their inputs (usually strings)
do not carry the information about their provenance. For example, while
the application might intentionally call <code>eval()</code> with dynamically created
inputs (e.g. for code obfuscation purposes), calling <code>eval()</code> on strings
supplied by the attacker is definitely a security vulnerability - but
it’s not easy to distinguish one from the other.</p>
   <p>This document organizes the injection sinks into groups, based on the
capabilities that sinks in a given group have. <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement①">Enforcement</a> for groups is controlled via <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group">trusted-types-sink-group</a> values.</p>
   <h4 class="heading settled" data-level="2.1.1" id="html-injection-sinks"><span class="secno">2.1.1. </span><span class="content">HTML injection sinks</span><a class="self-link" href="#html-injection-sinks"></a></h4>
   <p><em>This section is not normative.</em></p>
   <p>HTML <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②">injection sinks</a> parse input strings into a DOM tree. Since HTML parsers
can create arbitrary elements, including scripts, and set arbitrary attributes,
enabling the <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement②">enforcement</a> of any <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group①">trusted-types-sink-group</a> also implies
enforcing types for HTML injection sinks.</p>
   <p>Examples of HTML injection sinks include:</p>
   <ul>
    <li data-md>
     <p>Functions that parse &amp; insert HTML strings into the document like <a href="https://www.w3.org/TR/DOM-Parsing/#widl-Element-innerHTML">Element.innerHTML</a>, <a href="https://www.w3.org/TR/DOM-Parsing/#widl-Element-outerHTML">Element.outerHTML</a> setter, or <code class="idl"><a data-link-type="idl" href="#dom-document-write" id="ref-for-dom-document-write">Document.write</a></code>.</p>
    <li data-md>
     <p>Functions that create a new same-origin <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document">Document</a></code> with caller-controlled
markup like <code class="idl"><a data-link-type="idl" href="#dom-domparser-parsefromstring" id="ref-for-dom-domparser-parsefromstring">parseFromString()</a></code>,</p>
   </ul>
   <h4 class="heading settled" data-level="2.1.2" id="dom-xss-injection-sinks"><span class="secno">2.1.2. </span><span class="content">DOM XSS injection sinks</span><a class="self-link" href="#dom-xss-injection-sinks"></a></h4>
   <p><em>This section is not normative.</em></p>
   <p>DOM XSS <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink③">injection sinks</a> evaluate an input string value in a way that could
result in DOM XSS if that value is untrusted.</p>
   <p>Examples of include:</p>
   <ul>
    <li data-md>
     <p>Setters for <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element">Element</a></code> attributes that accept a URL of the code to load
like <code class="idl"><a class="idl-code" data-link-type="attribute" href="#dom-htmlscriptelement-src" id="ref-for-dom-htmlscriptelement-src">HTMLScriptElement.src</a></code>,</p>
    <li data-md>
     <p>Setters for <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element①">Element</a></code> attributes that accept a code to execute like <code class="idl"><a class="idl-code" data-link-type="attribute" href="#dom-htmlscriptelement-text" id="ref-for-dom-htmlscriptelement-text">HTMLScriptElement.text</a></code>,</p>
    <li data-md>
     <p>Functions that execute code directly like <code>eval</code>,</p>
    <li data-md>
     <p>Navigation to 'javascript:' URLs.</p>
   </ul>
   <p>Guarding DOM XSS injection sinks is controlled by the <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group②">trusted-types-sink-group</a> named 'script'.</p>
   <h3 class="heading settled" data-level="2.2" id="trusted-types"><span class="secno">2.2. </span><span class="content">Trusted Types</span><a class="self-link" href="#trusted-types"></a></h3>
   <p>To allow the authors to control values reaching injection sinks,
we introduce <a href="#trusted-types">§ 2.2 Trusted Types</a>. The following list of <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="trusted-type">Trusted Type</dfn>s indicating that a given value is
trusted by the authors to be used with an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink④">injection sink</a> in a certain context.</p>
   <p class="note" role="note"><span>Note:</span> <strong>Trusted</strong> in this context signifies the fact that the application author
is confident that a given value can be safely used with an injection sink - she <em>trusts</em> it does not introduce a vulnerability. That does not imply that the
value is indeed <em>safe</em>.</p>
   <p class="note" role="note"><span>Note:</span> This allows the authors to specify the intention when creating a given
value, and the user agents to introduce checks based on the type of
such value to preserve the authors' intent. For example, if
authors intend a value to be used as an HTML snippet, an attempt to
load a script from that value would fail.</p>
   <p class="note" role="note"><span>Note:</span> All Trusted Types wrap over an immutable string, specified when the
objects are created. These objects are unforgeable in a sense that
there is no JavaScript-exposed way to replace the inner string value
of a given object - it’s stored in an internal slot with no setter
exposed.</p>
   <p class="note" role="note"><span>Note:</span> All Trusted Types stringifiers return the inner string value.
This makes it easy to incrementally migrate the application code into using
Trusted Types in place of DOM strings (it’s possible to start
producing types in parts of the application, while still using and
accepting strings in other parts of the codebase). In that sense,
Trusted Types are backwards-compatible with the regular DOM APIs.</p>
   <h4 class="heading settled" data-level="2.2.1" id="trusted-html"><span class="secno">2.2.1. </span><span class="content"><dfn class="css" data-dfn-type="type" data-export id="typedef-trustedhtml">TrustedHTML<a class="self-link" href="#typedef-trustedhtml"></a></dfn></span><a class="self-link" href="#trusted-html"></a></h4>
   <p>The TrustedHTML interface represents a string that a developer can
confidently insert into an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink⑤">injection sink</a> that will render it as HTML.
These objects are immutable
wrappers around a string, constructed via a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy">TrustedTypePolicy</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicy-createhtml" id="ref-for-dom-trustedtypepolicy-createhtml">createHTML</a></code> method.</p>
<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="trustedhtml"><code><c- g>TrustedHTML</c-></code></dfn> {
  <dfn data-dfn-for="TrustedHTML" data-dfn-type="dfn" data-export data-lt="stringification behavior" id="TrustedHTML-stringification-behavior"><c- b>stringifier</c-><a class="self-link" href="#TrustedHTML-stringification-behavior"></a></dfn>;
};
</pre>
   <p>TrustedHTML objects have a <code>[[Data]]</code> internal slot which holds a
DOMString. The slot’s value is set when the object is created, and
will never change during its lifetime.</p>
   <p>To stringify a TrustedHTML object, return the DOMString from its <code>[[Data]]</code> internal slot.</p>
   <h4 class="heading settled" data-level="2.2.2" id="trusted-script"><span class="secno">2.2.2. </span><span class="content"><dfn class="css" data-dfn-type="type" data-export id="typedef-trustedscript">TrustedScript<a class="self-link" href="#typedef-trustedscript"></a></dfn></span><a class="self-link" href="#trusted-script"></a></h4>
   <p>The TrustedScript interface represents a string with an uncompiled
script body that a developer can confidently pass into an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink⑥">injection sink</a> that might lead to executing that script.
These objects are immutable wrappers
around a string, constructed via a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy①">TrustedTypePolicy</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicy-createscript" id="ref-for-dom-trustedtypepolicy-createscript">createScript</a></code> method.</p>
<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed①"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="trustedscript"><code><c- g>TrustedScript</c-></code></dfn> {
  <dfn data-dfn-for="TrustedScript" data-dfn-type="dfn" data-export data-lt="stringification behavior" id="TrustedScript-stringification-behavior"><c- b>stringifier</c-><a class="self-link" href="#TrustedScript-stringification-behavior"></a></dfn>;
};
</pre>
   <p>TrustedScript objects have a <code>[[Data]]</code> internal slot which holds a
DOMString. The slot’s value is set when the object is created, and
will never change during its lifetime.</p>
   <p>To stringify a TrustedScript object, return the DOMString from its <code>[[Data]]</code> internal slot.</p>
   <h4 class="heading settled" data-level="2.2.3" id="trused-script-url"><span class="secno">2.2.3. </span><span class="content"><dfn class="css" data-dfn-type="type" data-export id="typedef-trustedscripturl">TrustedScriptURL<a class="self-link" href="#typedef-trustedscripturl"></a></dfn></span><a class="self-link" href="#trused-script-url"></a></h4>
   <p>The TrustedScriptURL interface represents a string that a developer
can confidently pass into an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink⑦">injection sink</a> that will parse it as a URL of
an external script resource.
These objects are immutable wrappers around a
string, constructed via a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy②">TrustedTypePolicy</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicy-createscripturl" id="ref-for-dom-trustedtypepolicy-createscripturl">createScriptURL</a></code> method.</p>
<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed②"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="trustedscripturl"><code><c- g>TrustedScriptURL</c-></code></dfn> {
  <dfn data-dfn-for="TrustedScriptURL" data-dfn-type="dfn" data-export data-lt="stringification behavior" id="TrustedScriptURL-stringification-behavior"><c- b>stringifier</c-><a class="self-link" href="#TrustedScriptURL-stringification-behavior"></a></dfn>;
};
</pre>
   <p>TrustedScriptURL objects have a <code>[[Data]]</code> internal slot which holds a
USVString. The slot’s value is set when the object is created, and
will never change during its lifetime.</p>
   <p>To stringify a TrustedScriptURL object, return the USVString from its <code>[[Data]]</code> internal slot.</p>
   <h3 class="heading settled" data-level="2.3" id="policies-hdr"><span class="secno">2.3. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="policies">Policies</dfn></span><a class="self-link" href="#policies-hdr"></a></h3>
   <p>Trusted Types can only be created via user-defined
and immutable policies that define rules for converting a string into
a given Trusted Type object. Policies allows the authors to specify custom,
programmatic rules that Trusted Types must adhere to.</p>
   <div class="example" id="sanitizing-policy">
    <a class="self-link" href="#sanitizing-policy"></a> Authors may define a
policy that will sanitize an HTML string, allowing only a subset of
tags and attributes that are known not to cause JavaScript
execution. Any <code class="idl"><a data-link-type="idl" href="#trustedhtml" id="ref-for-trustedhtml">TrustedHTML</a></code> object created through this policy can then
be safely used in the application, and e.g. passed to <code>innerHTML</code> setter - even if the input value was controlled by the attacker, the
policy rules neutralized it to adhere to policy-specific
contract. 
<pre class="highlight"><c- kr>const</c-> sanitizingPolicy <c- o>=</c-> trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'sanitize-html'</c-><c- p>,</c-> <c- p>{</c->
  createHTML<c- o>:</c-> <c- p>(</c->input<c- p>)</c-> <c- p>=></c-> myTrustedSanitizer<c- p>(</c->input<c- p>,</c-> <c- p>{</c-> superSafe<c- o>:</c-> <c- t>'ok'</c-><c- p>}),</c->
<c- p>});</c->

myDiv<c- p>.</c->innerHTML <c- o>=</c-> sanitizingPolicy<c- p>.</c->createHTML<c- p>(</c->untrustedValue<c- p>);</c->
</pre>
   </div>
   <p class="note" role="note"><span>Note:</span> <a data-link-type="dfn" href="#trusted-type" id="ref-for-trusted-type">Trusted Type</a> objects wrap values that are explicitly trusted by
the author. As such, creating a Trusted Type object instance becomes a de
facto <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink⑧">injection sink</a>, and hence code that creates a Trusted Type
instances is security-critical. To allow for strict control over Trusted Type
object creation we don’t expose the constructors of those
directly, but require authors to create them via <a data-link-type="dfn" href="#policies" id="ref-for-policies②">policies</a>.</p>
   <p>Multiple policies can be created in a given <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-global-object-realm" id="ref-for-concept-global-object-realm">Realm</a>, allowing the
applications to define different rules for different parts of the
codebase.</p>
   <div class="example" id="policy-reference">
    <a class="self-link" href="#policy-reference"></a> Library initialized with a policy allowing it to load additional scripts from
a given host. 
<pre class="highlight"><c- kr>const</c-> cdnScriptsPolicy <c- o>=</c-> trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'cdn-scripts'</c-><c- p>,</c-> <c- p>{</c->
  createScriptURL<c- p>(</c->url<c- p>)</c-> <c- p>{</c->
    <c- kr>const</c-> parsed <c- o>=</c-> <c- k>new</c-> URL<c- p>(</c->url<c- p>,</c-> document<c- p>.</c->baseURI<c- p>);</c->
    <c- k>if</c-> <c- p>(</c->parsed<c- p>.</c->origin <c- o>==</c-> <c- t>'https://mycdn.example'</c-><c- p>)</c-> <c- p>{</c->
      <c- k>return</c-> url<c- p>;</c->
    <c- p>}</c->
    <c- k>throw</c-> <c- k>new</c-> TypeError<c- p>(</c-><c- t>'invalid URL'</c-><c- p>);</c->
  <c- p>},</c->
<c- p>});</c->

myLibrary<c- p>.</c->init<c- p>({</c->policy<c- o>:</c-> cdnScriptsPolicy<c- p>});</c->
</pre>
   </div>
   <p class="note" role="note"><span>Note:</span> Trusted Type objects can only be created via policies. If <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement③">enforcement</a> is enabled, only the policy code can trigger an action
of an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink⑨">injection sink</a> and hence call-sites of the policies' <code>create*</code> functions are the <em>only</em> security-sensitive code in the entire program
with regards to the actions of the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①⓪">injection sinks</a>.
Only this typically small subset of the entire code base needs to be
security-reviewed - there’s no need to monitor or review
the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①①">injection sinks</a> themselves, as User Agents <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement④">enforce</a> that
those sinks will only accept matching Trusted Type objects, and these in turn
can only be created via policies.</p>
   <p>The <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicyfactory-createpolicy" id="ref-for-dom-trustedtypepolicyfactory-createpolicy">createPolicy</a></code> function returns a policy object which <code>create*</code> functions
will create Trusted Type objects after applying the policy
rules.</p>
   <p class="note" role="note"><span>Note:</span> While it’s safe to freely use a policy that sanitizes its input anywhere in the application,
there might be a need to create lax policies to be used internally, and only to be
called with author-controlled input. For example, a client-side HTML
templating library, an HTML sanitizer library, or a JS asynchronous
code plugin loading subsystem each will likely need full control over
HTML or URLs. The API design facilitates that - each policy may only
be used if the callsite can obtain a reference to the policy (a return
value from <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicyfactory-createpolicy" id="ref-for-dom-trustedtypepolicyfactory-createpolicy①">createPolicy()</a></code>). As such, policy
references can be treated as <a href="https://en.wikipedia.org/wiki/Object-capability_model">capabilities</a>,
access to which can be controlled using JavaScript techniques
(e.g. via closures, internal function variables, or modules).</p>
   <div class="example" id="policy-capability">
    <a class="self-link" href="#policy-capability"></a> Unsafe no-op policy reachable only from within a single code block to ascertain
that it’s called only with no attacker-controlled values. 
<pre class="highlight"><c- p>(</c-><c- a>function</c-> renderFootnote<c- p>()</c-> <c- p>{</c->
  <c- kr>const</c-> unsafePolicy <c- o>=</c-> trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'html'</c-><c- p>,</c-> <c- p>{</c->
    createHTML<c- o>:</c-> input <c- p>=></c-> input<c- p>,</c->
  <c- p>});</c->
  <c- kr>const</c-> footnote <c- o>=</c-> await fetch<c- p>(</c-><c- t>'/footnote.html'</c-><c- p>).</c->then<c- p>(</c->r <c- p>=></c-> r<c- p>.</c->text<c- p>());</c->
  footNote<c- p>.</c->innerHTML <c- o>=</c-> unsafePolicy<c- p>.</c->createHTML<c- p>(</c->footnote<c- p>);</c->
<c- p>})();</c->
</pre>
   </div>
   <h4 class="heading settled" data-level="2.3.1" id="trusted-type-policy-factory"><span class="secno">2.3.1. </span><span class="content"><dfn class="css" data-dfn-type="type" data-export id="typedef-trustedtypepolicyfactory">TrustedTypePolicyFactory<a class="self-link" href="#typedef-trustedtypepolicyfactory"></a></dfn></span><a class="self-link" href="#trusted-type-policy-factory"></a></h4>
   <p>TrustedTypePolicyFactory creates <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy③">policies</a></code> and verifies that Trusted Type object instances
were created via one of the policies.</p>
   <p class="note" role="note"><span>Note:</span> This factory object is exposed to JavaScript through <code>window.trustedTypes</code> reference - see <a href="#extensions-to-the-window-interface">§ 4.1.1 Extensions to the Window interface</a>.</p>
<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③"><c- g>Exposed</c-></a>=<c- n>Window</c->] <c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="trustedtypepolicyfactory"><code><c- g>TrustedTypePolicyFactory</c-></code></dfn> {
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy④"><c- n>TrustedTypePolicy</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-createpolicy" id="ref-for-dom-trustedtypepolicyfactory-createpolicy②"><c- g>createPolicy</c-></a>(
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/createPolicy(policyName, policyOptions), TrustedTypePolicyFactory/createPolicy(policyName)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-createpolicy-policyname-policyoptions-policyname"><code><c- g>policyName</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-createpolicy-policyname-policyoptions-policyname"></a></dfn>, <c- b>optional</c-> <a class="n" data-link-type="idl-name" href="#dictdef-trustedtypepolicyoptions" id="ref-for-dictdef-trustedtypepolicyoptions"><c- n>TrustedTypePolicyOptions</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/createPolicy(policyName, policyOptions), TrustedTypePolicyFactory/createPolicy(policyName)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-createpolicy-policyname-policyoptions-policyoptions"><code><c- g>policyOptions</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-createpolicy-policyname-policyoptions-policyoptions"></a></dfn>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①"><c- g>Unforgeable</c-></a>] <c- b>sequence</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①"><c- b>DOMString</c-></a>> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-getpolicynames" id="ref-for-dom-trustedtypepolicyfactory-getpolicynames"><c- g>getPolicyNames</c-></a>();
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable②"><c- g>Unforgeable</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean"><c- b>boolean</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-ishtml" id="ref-for-dom-trustedtypepolicyfactory-ishtml"><c- g>isHTML</c-></a>(<c- b>any</c-> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/isHTML(value)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-ishtml-value-value"><code><c- g>value</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-ishtml-value-value"></a></dfn>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable③"><c- g>Unforgeable</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①"><c- b>boolean</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-isscript" id="ref-for-dom-trustedtypepolicyfactory-isscript"><c- g>isScript</c-></a>(<c- b>any</c-> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/isScript(value)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-isscript-value-value"><code><c- g>value</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-isscript-value-value"></a></dfn>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable④"><c- g>Unforgeable</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②"><c- b>boolean</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-isscripturl" id="ref-for-dom-trustedtypepolicyfactory-isscripturl"><c- g>isScriptURL</c-></a>(<c- b>any</c-> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/isScriptURL(value)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-isscripturl-value-value"><code><c- g>value</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-isscripturl-value-value"></a></dfn>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑤"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①"><c- n>TrustedHTML</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="TrustedHTML" href="#dom-trustedtypepolicyfactory-emptyhtml" id="ref-for-dom-trustedtypepolicyfactory-emptyhtml"><c- g>emptyHTML</c-></a>;
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑥"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript"><c- n>TrustedScript</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="TrustedScript" href="#dom-trustedtypepolicyfactory-emptyscript" id="ref-for-dom-trustedtypepolicyfactory-emptyscript"><c- g>emptyScript</c-></a>;
    <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②"><c- b>DOMString</c-></a>? <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-getattributetype" id="ref-for-dom-trustedtypepolicyfactory-getattributetype"><c- g>getAttributeType</c-></a>(
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs, attrNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-tagname"><code><c- g>tagName</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-tagname"></a></dfn>,
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString④"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs, attrNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-attribute"><code><c- g>attribute</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-attribute"></a></dfn>,
        <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑤"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs, attrNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-elementns"><code><c- g>elementNs</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-elementns"></a></dfn> = "",
        <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑥"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs, attrNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute, elementNs), TrustedTypePolicyFactory/getAttributeType(tagName, attribute)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-attrns"><code><c- g>attrNs</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-attrns"></a></dfn> = "");
    <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑦"><c- b>DOMString</c-></a>? <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-getpropertytype" id="ref-for-dom-trustedtypepolicyfactory-getpropertytype"><c- g>getPropertyType</c-></a>(
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑧"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getPropertyType(tagName, property, elementNs), TrustedTypePolicyFactory/getPropertyType(tagName, property)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-tagname"><code><c- g>tagName</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-tagname"></a></dfn>,
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑨"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getPropertyType(tagName, property, elementNs), TrustedTypePolicyFactory/getPropertyType(tagName, property)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-property"><code><c- g>property</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-property"></a></dfn>,
        <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⓪"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicyFactory/getPropertyType(tagName, property, elementNs), TrustedTypePolicyFactory/getPropertyType(tagName, property)" data-dfn-type="argument" data-export id="dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-elementns"><code><c- g>elementNs</c-></code><a class="self-link" href="#dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-elementns"></a></dfn> = "");
    <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy⑤"><c- n>TrustedTypePolicy</c-></a>? <a class="idl-code" data-link-type="attribute" data-readonly data-type="TrustedTypePolicy?" href="#dom-trustedtypepolicyfactory-defaultpolicy" id="ref-for-dom-trustedtypepolicyfactory-defaultpolicy"><c- g>defaultPolicy</c-></a>;
};
</pre>
   <p>Internal slot <code>[[DefaultPolicy]]</code> may contain a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy⑥">TrustedTypePolicy</a></code> object,
and is initially empty.</p>
   <p>Internal slot <code>[[CreatedPolicyNames]]</code> is an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ordered-set" id="ref-for-ordered-set">ordered set</a> of strings,
initially empty.</p>
   <div>
    <dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export data-lt="createPolicy(policyName, policyOptions)|createPolicy(policyName)" id="dom-trustedtypepolicyfactory-createpolicy"><code>createPolicy(policyName, policyOptions)</code></dfn>
     <dd data-md>
      <p>Creates a policy object that will implement the rules
passed in the <code class="idl"><a data-link-type="idl" href="#dictdef-trustedtypepolicyoptions" id="ref-for-dictdef-trustedtypepolicyoptions①">TrustedTypePolicyOptions</a></code> <var>policyOptions</var> object.
The allowed policy names may be restricted by <a href="#content-security-policy-hdr">Content Security Policy</a>.
If the policy name is not on the whitelist defined in the <a data-link-type="dfn" href="#trusted-types-directive" id="ref-for-trusted-types-directive">trusted-types</a> CSP directive,
the policy creation fails with a <a href="https://www.w3.org/TR/2016/REC-WebIDL-1-20161215/#idl-Error">TypeError</a>.
Also, if unique policy names are enforced (i.e. <code>'allow-duplicates'</code> is not used),
and <code>createPolicy</code> is called more than once with any given <code>policyName</code>,
policy creation fails with a TypeError.</p>
      <div class="example" id="create-policy-example">
       <a class="self-link" href="#create-policy-example"></a> 
<pre class="highlight"><c- c1>// HTTP Response header: Content-Security-Policy: trusted-types foo</c->
trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- u>"foo"</c-><c- p>,</c-> <c- p>{});</c-> <c- c1>// ok.</c->
trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- u>"bar"</c-><c- p>,</c-> <c- p>{});</c-> <c- c1>// throws - name not on the whitelist.</c->
trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- u>"foo"</c-><c- p>,</c-> <c- p>{});</c-> <c- c1>// throws - duplicate name.</c->
</pre>
      </div>
      <p>Returns the result of executing a <a data-link-type="abstract-op" href="#abstract-opdef-create-a-trusted-type-policy" id="ref-for-abstract-opdef-create-a-trusted-type-policy">Create a Trusted Type Policy</a> algorithm,
with the following arguments:</p>
      <dl>
       <dt>factory
       <dd><a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object">context object</a>
       <dt>policyName
       <dd><var>policyName</var> 
       <dt>options
       <dd><var>policyOptions</var>
       <dt>global
       <dd><a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object①">context object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global">relevant global object</a>
      </dl>
      <div class="example" id="create-and-used-unexposed-policy">
       <a class="self-link" href="#create-and-used-unexposed-policy"></a> 
<pre class="highlight"><c- kr>const</c-> myPolicy <c- o>=</c-> trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'myPolicy'</c-><c- p>,</c-> <c- p>{</c->
  <c- c1>// This security-critical code needs a security review;</c->
  <c- c1>// a flaw in this code could cause DOM XSS.</c->
  createHTML<c- p>(</c->input<c- p>)</c-> <c- p>{</c-> <c- k>return</c-> aSanitizer<c- p>.</c->sanitize<c- p>(</c->input<c- p>)</c-> <c- p>},</c->
  createScriptURL<c- p>(</c->input<c- p>)</c-> <c- p>{</c->
    <c- kr>const</c-> u <c- o>=</c-> <c- k>new</c-> URL<c- p>(</c->dirty<c- p>,</c-> document<c- p>.</c->baseURI<c- p>);</c->
    <c- k>if</c-> <c- p>(</c->APPLICATION_CONFIG<c- p>.</c->scriptOrigins<c- p>.</c->includes<c- p>(</c->u<c- p>.</c->origin<c- p>))</c-> <c- p>{</c->
      <c- k>return</c-> u<c- p>.</c->href<c- p>;</c->
    <c- p>}</c->
    <c- k>throw</c-> <c- k>new</c-> Error<c- p>(</c-><c- t>'Cannot load scripts from this origin'</c-><c- p>);</c->
  <c- p>},</c->
<c- p>});</c->

document<c- p>.</c->querySelector<c- p>(</c-><c- u>"#foo"</c-><c- p>).</c->innerHTML <c- o>=</c-> myPolicy<c- p>.</c->createHTML<c- p>(</c->aValue<c- p>);</c->
scriptElement<c- p>.</c->src <c- o>=</c-> myPolicy<c- p>.</c->createScriptURL<c- p>(</c->
    <c- t>'https://scripts.myapp.example/script.js'</c-><c- p>);</c->
</pre>
      </div>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export id="dom-trustedtypepolicyfactory-getpolicynames"><code>getPolicyNames()</code></dfn>
     <dd data-md>
      <p>This function returns the names of all the policies that were already created.</p>
      <p>Returns a new list, comprising of all entries  of the <code>[[CreatedPolicyNames]]</code> slot.</p>
      <div class="example" id="get-policy-names-example">
       <a class="self-link" href="#get-policy-names-example"></a> 
<pre class="highlight">trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'foo'</c-><c- p>,</c-> <c- p>...);</c->
trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'bar'</c-><c- p>,</c-> <c- p>...);</c->
trustedTypes<c- p>.</c->getPolicyNames<c- p>();</c-> <c- c1>// ['foo', 'bar']</c->
</pre>
      </div>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export id="dom-trustedtypepolicyfactory-ishtml"><code>isHTML(value)</code></dfn>
     <dd data-md>
      <p>Returns true if value is an instance of <code class="idl"><a data-link-type="idl" href="#trustedhtml" id="ref-for-trustedhtml②">TrustedHTML</a></code> and has its <code>[[Data]]</code> internal slot set, false otherwise.</p>
      <p class="note" role="note"><span>Note:</span> <code>is*</code> functions are used to check if a given object is truly a legitimate <a data-link-type="dfn" href="#trusted-type" id="ref-for-trusted-type①">Trusted Type</a> object (i.e. it was created via one of the configured
policies). This is to be able to detect a forgery of the objects via
e.g. <a href="https://tc39.github.io/ecma262/#sec-object.create">Object.create</a> or prototype chains manipulation.</p>
      <div class="example" id="is-html-example">
       <a class="self-link" href="#is-html-example"></a> 
<pre class="highlight"><c- kr>const</c-> html <c- o>=</c-> policy<c- p>.</c->createHTML<c- p>(</c-><c- t>'&lt;div>'</c-><c- p>);</c->
trustedTypes<c- p>.</c->isHTML<c- p>(</c->html<c- p>);</c-> <c- c1>// true</c->

<c- kr>const</c-> fake <c- o>=</c-> Object<c- p>.</c->create<c- p>(</c->TrustedHTML<c- p>.</c->prototype<c- p>);</c->
trustedTypes<c- p>.</c->isHTML<c- p>(</c->fake<c- p>);</c-> <c- c1>// false</c->

trustedTypes<c- p>.</c->isHTML<c- p>(</c-><c- u>"&lt;div>plain string&lt;/div>"</c-><c- p>);</c-> <c- c1>// false</c->
</pre>
      </div>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export id="dom-trustedtypepolicyfactory-isscript"><code>isScript(value)</code></dfn>
     <dd data-md>
      <p>Returns true if value is an instance of <code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①">TrustedScript</a></code> and has its <code>[[Data]]</code> internal slot set, false otherwise.</p>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export id="dom-trustedtypepolicyfactory-isscripturl"><code>isScriptURL(value)</code></dfn>
     <dd data-md>
      <p>Returns true if value is an instance of <code class="idl"><a data-link-type="idl" href="#trustedscripturl" id="ref-for-trustedscripturl">TrustedScriptURL</a></code> and has its <code>[[Data]]</code> internal slot set, false otherwise.</p>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export data-lt="getPropertyType(tagName, property, elementNs)|getPropertyType(tagName, property)" id="dom-trustedtypepolicyfactory-getpropertytype"><code>getPropertyType(tagName, property, elementNs)</code></dfn>
     <dd data-md>
      <p>Allows the authors to check if a Trusted Type is required for a given <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element②">Element</a></code>'s
property (IDL attribute).</p>
      <p>This function returns the result of the following algorithm:</p>
      <ol>
       <li data-md>
        <p>Set <var>localName</var> to <var>tagName</var> in <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-lowercase" id="ref-for-ascii-lowercase">ASCII lowercase</a>.</p>
       <li data-md>
        <p>If <var>elementNs</var> is an empty string, set <var>elementNs</var> to <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#html-namespace" id="ref-for-html-namespace">HTML namespace</a>.</p>
       <li data-md>
        <p>Let <var>interface</var> be the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-interface" id="ref-for-concept-element-interface">element interface</a> for <var>localName</var> and <var>elementNs</var>.</p>
       <li data-md>
        <p>If <var>interface</var> has an IDL <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-attribute" id="ref-for-dfn-attribute">attribute</a> member which identifier is <var>attribute</var>, and <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes">TrustedTypes</a></code> IDL extended attribute appears on that attribute, return
stringified <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①">TrustedTypes</a></code>'s identifier and abort futher steps.</p>
        <p class="note" role="note"><span>Note:</span> This also takes into account all members of <a data-link-type="dfn" href="https://heycam.github.io/webidl/#interface-mixin" id="ref-for-interface-mixin">interface mixins</a> that <var>interface</var> <a data-link-type="dfn" href="https://heycam.github.io/webidl/#include" id="ref-for-include">includes</a>.</p>
       <li data-md>
        <p>Return null.</p>
      </ol>
      <div class="example" id="get-property-type-example">
       <a class="self-link" href="#get-property-type-example"></a> 
<pre class="highlight">trustedTypes<c- p>.</c->getPropertyType<c- p>(</c-><c- t>'div'</c-><c- p>,</c-> <c- t>'innerHTML'</c-><c- p>);</c-> <c- c1>// "TrustedHTML"</c->
trustedTypes<c- p>.</c->getPropertyType<c- p>(</c-><c- t>'foo'</c-><c- p>,</c-> <c- t>'bar'</c-><c- p>);</c-> <c- c1>// undefined</c->
</pre>
      </div>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="method" data-export data-lt="getAttributeType(tagName, attribute, elementNs, attrNs)|getAttributeType(tagName, attribute, elementNs)|getAttributeType(tagName, attribute)" id="dom-trustedtypepolicyfactory-getattributetype"><code>getAttributeType(tagName, attribute, elementNs, attrNs)</code></dfn>
     <dd data-md>
      <p>Allows the authors to check if, (and if so, which) Trusted Type is required
for a given <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element③">Element</a></code>'s <a data-link-type="dfn">content attribute</a>, such that later on the call
to <code>Element.setAttribute</code> passes the correct argument type.</p>
      <p>This function returns the result of the following algorithm:</p>
      <ol>
       <li data-md>
        <p>Set <var>localName</var> to <var>tagName</var> in <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-lowercase" id="ref-for-ascii-lowercase①">ASCII lowercase</a>.</p>
       <li data-md>
        <p>Set <var>attribute</var> to <var>attribute</var> in <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-lowercase" id="ref-for-ascii-lowercase②">ASCII lowercase</a>.</p>
       <li data-md>
        <p>If <var>elementNs</var> is an empty string, set <var>elementNs</var> to <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#html-namespace" id="ref-for-html-namespace①">HTML namespace</a>.</p>
       <li data-md>
        <p>If <var>attrNs</var> is an empty string, set <var>attrNs</var> to null.</p>
       <li data-md>
        <p>Let <var>interface</var> be the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-interface" id="ref-for-concept-element-interface①">element interface</a> for <var>localName</var> and <var>elementNs</var>.</p>
       <li data-md>
        <p>If <var>interface</var> does not have an IDL <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-attribute" id="ref-for-dfn-attribute①">attribute</a> that <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/common-dom-interfaces.html#reflect" id="ref-for-reflect">reflects</a> a content attribute with <var>localName</var> <a data-link-type="dfn">local name</a> and <var>attrNs</var> <a data-link-type="dfn">namespace</a>,
return undefined and abort further steps. Otherwise, let <var>idlAttribute</var> be that IDL <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-attribute" id="ref-for-dfn-attribute②">attribute</a>.</p>
       <li data-md>
        <p>If <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②">TrustedTypes</a></code> IDL extended attribute appears on <var>idlAttribute</var>, return
stringified <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes③">TrustedTypes</a></code>'s identifier and abort futher steps.</p>
       <li data-md>
        <p>Return null.</p>
      </ol>
      <div class="example" id="get-attribute-type-example">
       <a class="self-link" href="#get-attribute-type-example"></a> 
<pre class="highlight">trustedTypes<c- p>.</c->getAttributeType<c- p>(</c-><c- t>'script'</c-><c- p>,</c-> <c- t>'SRC'</c-><c- p>);</c-> <c- c1>// "TrustedScriptURL"</c->
trustedTypes<c- p>.</c->getAttributeType<c- p>(</c-><c- t>'foo'</c-><c- p>,</c-> <c- t>'bar'</c-><c- p>);</c-> <c- c1>// undefined</c->
</pre>
      </div>
    </dl>
   </div>
   <div>
    <dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="attribute" data-export id="dom-trustedtypepolicyfactory-emptyhtml"><code>emptyHTML</code></dfn>, <span> of type <a data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml③">TrustedHTML</a>, readonly</span>
     <dd data-md>
      <p>is a <code class="idl"><a data-link-type="idl" href="#trustedhtml" id="ref-for-trustedhtml④">TrustedHTML</a></code> object with its <code>[[Data]]</code> internal slot value set to an empty string.</p>
    </dl>
    <div class="example" id="empty-html-example">
     <a class="self-link" href="#empty-html-example"></a> 
<pre class="highlight">anElement<c- p>.</c->innerHTML <c- o>=</c-> trustedTypes<c- p>.</c->emptyHTML<c- p>;</c-> <c- c1>// no need to create a policy</c->
</pre>
    </div>
    <dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="attribute" data-export id="dom-trustedtypepolicyfactory-emptyscript"><code>emptyScript</code></dfn>, <span> of type <a data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript②">TrustedScript</a>, readonly</span>
     <dd data-md>
      <p>is a <code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript③">TrustedScript</a></code> object with its <code>[[Data]]</code> internal slot value set to an empty string.</p>
    </dl>
    <p class="note" role="note"><span>Note:</span> This object can be used to detect if the runtime environment has <a href="#csp-eval">§ 4.5.6 Support for eval(TrustedScript)</a>. While native Trusted Types implementation can
support <code>eval(TrustedScript)</code>, it is impossible for a polyfill to  emulate that, as
eval(TrustedScript) will return its input without unwrapping and evaluating the code.</p>
    <div class="example" id="empty-script-example">
     <a class="self-link" href="#empty-script-example"></a> 
<pre class="highlight"><c- c1>// With native Trusted Types support eval(trustedTypes.emptyScript) will execute and return falsy undefined.</c->
<c- c1>// Without it, eval(trustedTypes.emptyScript) will return a truthy Object.</c->
<c- kr>const</c-> supportsTS <c- o>=</c-> <c- o>!</c->eval<c- p>(</c->trustedTypes<c- p>.</c->emptyScript<c- p>);</c->

eval<c- p>(</c->supportsTS <c- o>?</c-> myTrustedScriptObj <c- o>:</c-> myTrustedScriptObj<c- p>.</c->toString<c- p>());</c->
</pre>
    </div>
    <dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyFactory" data-dfn-type="attribute" data-export id="dom-trustedtypepolicyfactory-defaultpolicy"><code>defaultPolicy</code></dfn>, <span> of type <a data-link-type="idl-name" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy⑦">TrustedTypePolicy</a>, readonly, nullable</span>
     <dd data-md>
      <p>Returns the value of <code>[[DefaultPolicy]]</code> internal slot, or null if the slot is empty.</p>
    </dl>
    <div class="example" id="defaultpolicy-example">
     <a class="self-link" href="#defaultpolicy-example"></a> 
<pre class="highlight">trustedTypes<c- p>.</c->defaultPolicy <c- o>===</c-> <c- kc>null</c-><c- p>;</c->  <c- c1>// true</c->
<c- kr>const</c-> dp <c- o>=</c-> trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'default'</c-><c- p>,</c-> <c- p>{});</c->
trustedTypes<c- p>.</c->defaultPolicy <c- o>===</c-> dp<c- p>;</c->  <c- c1>// true</c->
</pre>
    </div>
   </div>
   <h4 class="heading settled" data-level="2.3.2" id="trusted-type-policy"><span class="secno">2.3.2. </span><span class="content"><dfn class="css" data-dfn-type="type" data-export id="typedef-trustedtypepolicy">TrustedTypePolicy<a class="self-link" href="#typedef-trustedtypepolicy"></a></dfn></span><a class="self-link" href="#trusted-type-policy"></a></h4>
   <p>Policy objects implement a TrustedTypePolicy interface and define a
group of functions creating Trusted Type objects.
Each of the <code>create*</code> functions converts a string value to a given Trusted Type variant, or
throws a TypeError if a conversion of a given value is disallowed.</p>
<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed④"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="interface" data-export id="trustedtypepolicy"><code><c- g>TrustedTypePolicy</c-></code></dfn> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑦"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①①"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicy" data-dfn-type="attribute" data-export data-readonly data-type="DOMString" id="dom-trustedtypepolicy-name"><code><c- g>name</c-></code><a class="self-link" href="#dom-trustedtypepolicy-name"></a></dfn>;
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑧"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑤"><c- n>TrustedHTML</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicy-createhtml" id="ref-for-dom-trustedtypepolicy-createhtml①"><c- g>createHTML</c-></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①②"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicy/createHTML(input, ...arguments), TrustedTypePolicy/createHTML(input)" data-dfn-type="argument" data-export id="dom-trustedtypepolicy-createhtml-input-arguments-input"><code><c- g>input</c-></code><a class="self-link" href="#dom-trustedtypepolicy-createhtml-input-arguments-input"></a></dfn>, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="TrustedTypePolicy/createHTML(input, ...arguments), TrustedTypePolicy/createHTML(input)" data-dfn-type="argument" data-export id="dom-trustedtypepolicy-createhtml-input-arguments-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-trustedtypepolicy-createhtml-input-arguments-arguments"></a></dfn>);
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑨"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript④"><c- n>TrustedScript</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicy-createscript" id="ref-for-dom-trustedtypepolicy-createscript①"><c- g>createScript</c-></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①③"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicy/createScript(input, ...arguments), TrustedTypePolicy/createScript(input)" data-dfn-type="argument" data-export id="dom-trustedtypepolicy-createscript-input-arguments-input"><code><c- g>input</c-></code><a class="self-link" href="#dom-trustedtypepolicy-createscript-input-arguments-input"></a></dfn>, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="TrustedTypePolicy/createScript(input, ...arguments), TrustedTypePolicy/createScript(input)" data-dfn-type="argument" data-export id="dom-trustedtypepolicy-createscript-input-arguments-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-trustedtypepolicy-createscript-input-arguments-arguments"></a></dfn>);
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①⓪"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl①"><c- n>TrustedScriptURL</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicy-createscripturl" id="ref-for-dom-trustedtypepolicy-createscripturl①"><c- g>createScriptURL</c-></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①④"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="TrustedTypePolicy/createScriptURL(input, ...arguments), TrustedTypePolicy/createScriptURL(input)" data-dfn-type="argument" data-export id="dom-trustedtypepolicy-createscripturl-input-arguments-input"><code><c- g>input</c-></code><a class="self-link" href="#dom-trustedtypepolicy-createscripturl-input-arguments-input"></a></dfn>, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="TrustedTypePolicy/createScriptURL(input, ...arguments), TrustedTypePolicy/createScriptURL(input)" data-dfn-type="argument" data-export id="dom-trustedtypepolicy-createscripturl-input-arguments-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-trustedtypepolicy-createscripturl-input-arguments-arguments"></a></dfn>);
};
</pre>
   <p>Each policy has a <dfn class="dfn-paneled" data-dfn-for="TrustedTypePolicy" data-dfn-type="dfn" data-noexport id="trustedtypepolicy-name">name</dfn>.</p>
   <p>Each TrustedTypePolicy object has an <code>[[options]]</code> internal slot, holding the <code class="idl"><a data-link-type="idl" href="#dictdef-trustedtypepolicyoptions" id="ref-for-dictdef-trustedtypepolicyoptions②">TrustedTypePolicyOptions</a></code> object describing the actual behavior of the policy.</p>
   <div>
    <dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicy" data-dfn-type="method" data-export data-lt="createHTML(input, ...arguments)|createHTML(input)" id="dom-trustedtypepolicy-createhtml"><code>createHTML(input, ...arguments)</code></dfn>
     <dd data-md>
      <p>Returns the
result of executing the <a data-link-type="abstract-op" href="#abstract-opdef-create-a-trusted-type" id="ref-for-abstract-opdef-create-a-trusted-type">Create a Trusted Type</a> algorithm, with the
following arguments:</p>
      <dl>
       <dt>policy
       <dd><span spec-section="#context-object">context object</span> 
       <dt>trustedTypeName
       <dd><code>"TrustedHTML"</code>
       <dt>value
       <dd>input
       <dt>arguments
       <dd>arguments
      </dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicy" data-dfn-type="method" data-export data-lt="createScript(input, ...arguments)|createScript(input)" id="dom-trustedtypepolicy-createscript"><code>createScript(input, ...arguments)</code></dfn>
     <dd data-md>
      <p>Returns the
result of executing the <a data-link-type="abstract-op" href="#abstract-opdef-create-a-trusted-type" id="ref-for-abstract-opdef-create-a-trusted-type①">Create a Trusted Type</a> algorithm, with the
following arguments:</p>
      <dl>
       <dt>policy
       <dd><span spec-section="#context-object">context object</span> 
       <dt>trustedTypeName
       <dd><code>"TrustedScript"</code>
       <dt>value
       <dd>input
       <dt>arguments
       <dd>arguments
      </dl>
     <dt data-md><dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicy" data-dfn-type="method" data-export data-lt="createScriptURL(input, ...arguments)|createScriptURL(input)" id="dom-trustedtypepolicy-createscripturl"><code>createScriptURL(input, ...arguments)</code></dfn>
     <dd data-md>
      <p>Returns the
result of executing the <a data-link-type="abstract-op" href="#abstract-opdef-create-a-trusted-type" id="ref-for-abstract-opdef-create-a-trusted-type②">Create a Trusted Type</a> algorithm, with the
following arguments:</p>
      <dl>
       <dt>policy
       <dd><span spec-section="#context-object">context object</span> 
       <dt>trustedTypeName
       <dd><code>"TrustedScriptURL"</code>
       <dt>value
       <dd>input
       <dt>arguments
       <dd>arguments
      </dl>
    </dl>
   </div>
   <h4 class="heading settled" data-level="2.3.3" id="trusted-type-policy-options"><span class="secno">2.3.3. </span><span class="content"><dfn class="css" data-dfn-type="type" data-export id="typedef-trustedtypepolicyoptions">TrustedTypePolicyOptions<a class="self-link" href="#typedef-trustedtypepolicyoptions"></a></dfn></span><a class="self-link" href="#trusted-type-policy-options"></a></h4>
   <p>This dictionary holds author-defined functions for converting string
values into trusted values. These functions do not create <a data-link-type="dfn" href="#trusted-type" id="ref-for-trusted-type②">Trusted Type</a> object instances directly - this behavior is provided by <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy⑧">TrustedTypePolicy</a></code>.</p>
<pre class="idl highlight def"><c- b>dictionary</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="dictionary" data-export id="dictdef-trustedtypepolicyoptions"><code><c- g>TrustedTypePolicyOptions</c-></code></dfn> {
   <a class="n" data-link-type="idl-name" href="#callbackdef-createhtmlcallback" id="ref-for-callbackdef-createhtmlcallback"><c- n>CreateHTMLCallback</c-></a>? <dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyOptions" data-dfn-type="dict-member" data-export data-type="CreateHTMLCallback? " id="dom-trustedtypepolicyoptions-createhtml"><code><c- g>createHTML</c-></code></dfn>;
   <a class="n" data-link-type="idl-name" href="#callbackdef-createscriptcallback" id="ref-for-callbackdef-createscriptcallback"><c- n>CreateScriptCallback</c-></a>? <dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyOptions" data-dfn-type="dict-member" data-export data-type="CreateScriptCallback? " id="dom-trustedtypepolicyoptions-createscript"><code><c- g>createScript</c-></code></dfn>;
   <a class="n" data-link-type="idl-name" href="#callbackdef-createscripturlcallback" id="ref-for-callbackdef-createscripturlcallback"><c- n>CreateScriptURLCallback</c-></a>? <dfn class="dfn-paneled idl-code" data-dfn-for="TrustedTypePolicyOptions" data-dfn-type="dict-member" data-export data-type="CreateScriptURLCallback? " id="dom-trustedtypepolicyoptions-createscripturl"><code><c- g>createScriptURL</c-></code></dfn>;
};
<c- b>callback</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="callback" data-export id="callbackdef-createhtmlcallback"><code><c- g>CreateHTMLCallback</c-></code></dfn> = <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑤"><c- b>DOMString</c-></a> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑥"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="CreateHTMLCallback" data-dfn-type="argument" data-export id="dom-createhtmlcallback-input"><code><c- g>input</c-></code><a class="self-link" href="#dom-createhtmlcallback-input"></a></dfn>, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="CreateHTMLCallback" data-dfn-type="argument" data-export id="dom-createhtmlcallback-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-createhtmlcallback-arguments"></a></dfn>);
<c- b>callback</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="callback" data-export id="callbackdef-createscriptcallback"><code><c- g>CreateScriptCallback</c-></code></dfn> = <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑦"><c- b>DOMString</c-></a> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑧"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="CreateScriptCallback" data-dfn-type="argument" data-export id="dom-createscriptcallback-input"><code><c- g>input</c-></code><a class="self-link" href="#dom-createscriptcallback-input"></a></dfn>, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="CreateScriptCallback" data-dfn-type="argument" data-export id="dom-createscriptcallback-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-createscriptcallback-arguments"></a></dfn>);
<c- b>callback</c-> <dfn class="dfn-paneled idl-code" data-dfn-type="callback" data-export id="callbackdef-createscripturlcallback"><code><c- g>CreateScriptURLCallback</c-></code></dfn> = <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString"><c- b>USVString</c-></a> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑨"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="CreateScriptURLCallback" data-dfn-type="argument" data-export id="dom-createscripturlcallback-input"><code><c- g>input</c-></code><a class="self-link" href="#dom-createscripturlcallback-input"></a></dfn>, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="CreateScriptURLCallback" data-dfn-type="argument" data-export id="dom-createscripturlcallback-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-createscripturlcallback-arguments"></a></dfn>);
</pre>
   <h4 class="heading settled" data-level="2.3.4" id="default-policy-hdr"><span class="secno">2.3.4. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="default-policy">Default policy</dfn></span><a class="self-link" href="#default-policy-hdr"></a></h4>
   <p><em>This section is not normative.</em></p>
   <p>One of the policies, the policy with a <a data-link-type="dfn" href="#trustedtypepolicy-name" id="ref-for-trustedtypepolicy-name">name</a> <code>"default"</code>, is special;
When an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①②">injection sink</a> is passed a string (instead of a
Trusted Type object), this policy will be implicitly called by
the user agent with the string value as the first argument, and the sink name
as a second argument.</p>
   <p>This allows the application to define a fallback behavior to use instead of
causing a violation. The intention is to allow the applications to recover from
an unexpected data flow, and sanitize the
potentially attacker-controlled string "as a last resort", or reject a value
if a safe value cannot be created. Errors thrown from within a policy are
propagated to the application.</p>
   <p>If the default policy doesn’t exist, or if its appropriate <code>create*</code> function
returns <em>null</em> or <em>undefined</em>, it will cause a CSP violation. In the
enforcing mode, an error will be thrown, but in report-only the original value
passed to the default policy will be used.</p>
   <p class="note" role="note"><span>Note:</span> This optional behavior allows for introducing Trusted Type <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement⑤">enforcement</a> to applications that are still using legacy code that uses injection sinks.
Needless to say, this policy should
necessarily be defined with very strict rules not to bypass the security
restrictions in unknown parts of the application. In an extreme
case, a lax, no-op default policy defeats all the benefits of using Trusted Types
to protect access to <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①③">injection sinks</a>. If possible,
authors should resort to a default policy in a transitional period
only, use it to detect and rewrite their dependencies that use injection
sinks unsafely and eventually phase out the usage of the default policy entirely.</p>
   <p class="note" role="note"><span>Note:</span> See <a href="#get-trusted-type-compliant-string-algorithm">§ 3.3 Get Trusted Type compliant string</a> for details on how
the default policy is applied.</p>
   <div class="example" id="default-policy-example">
    <a class="self-link" href="#default-policy-example"></a> 
<pre class="highlight"><c- c1>// Content-Security-Policy: trusted-types default; require-trusted-types-for 'script'</c->

trustedTypes<c- p>.</c->createPolicy<c- p>(</c-><c- t>'default'</c-><c- p>,</c-> <c- p>{</c->
  createScriptURL<c- o>:</c-> <c- p>(</c->s<c- p>,</c-> sink<c- p>)</c-> <c- p>=></c-> <c- p>{</c->
    console<c- p>.</c->log<c- p>(</c-><c- u>"Please refactor."</c-><c- p>);</c->
    <c- k>return</c-> s <c- o>+</c-> <c- u>"?default-policy-used&amp;sink="</c-> <c- o>+</c-> encodeURIComponent<c- p>(</c->sink<c- p>);</c->
  <c- p>}</c->
<c- p>});</c->

aScriptElement<c- p>.</c->src <c- o>=</c-> <c- u>"https://cdn.example/script.js"</c-><c- p>;</c->
<c- c1>// Please refactor.</c->
console<c- p>.</c->log<c- p>(</c->aScriptElement<c- p>.</c->src<c- p>);</c->
<c- c1>// https://cdn.example/script.js?default-policy-used&amp;sink=script.src</c->
</pre>
   </div>
   <h3 class="heading settled" data-level="2.4" id="enforcement-hdr"><span class="secno">2.4. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="enforcement">Enforcement</dfn></span><a class="self-link" href="#enforcement-hdr"></a></h3>
   <p class="note" role="note"><span>Note:</span> Enforcement is the process of checking that a value
has an appropriate type before it reaches an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①④">injection sink</a>.</p>
   <p>The JavaScript API that allows authors to create policies and Trusted Types objects from them is always
available (via <code class="idl"><a data-link-type="idl" href="#dom-window-trustedtypes" id="ref-for-dom-window-trustedtypes">trustedTypes</a></code>). Since <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①⑤">injection sinks</a> stringify their security sensitive
arguments, and <a data-link-type="dfn" href="#trusted-type" id="ref-for-trusted-type③">Trusted Type</a> objects stringify to their inner string values, this allows the authors
to use Trusted Types in place of strings.</p>
   <p>To secure the access to <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①⑥">injection sinks</a>, on top of the JavaScript code using the Trusted Types,
the user agent needs to enforce them i.e. assert that the injection sinks from a given group are <em>never</em> called with string values, and Trusted Type values are used instead. This section describes how authors
may control this enforcing behavior.</p>
   <p>Authors may also control their <a data-link-type="dfn" href="#policies" id="ref-for-policies③">policies</a> by specifying rules around policy creation.</p>
   <h4 class="heading settled" data-level="2.4.1" id="content-security-policy-hdr"><span class="secno">2.4.1. </span><span class="content">Content Security Policy</span><a class="self-link" href="#content-security-policy-hdr"></a></h4>
   <p>Applications may control Trusted Type enforcement via <a href="https://www.w3.org/TR/CSP3/#policy-delivery">configuring a Content Security Policy</a>. This document defines new directives that correspond to Trusted Types rules.
The <a href="#require-trusted-types-for-csp-directive">require-trusted-types-for</a> directive specifies the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①⑦">injection sinks</a> groups, for which the types should be required. The <a href="#trusted-types-csp-directive">trusted-types</a> directive controls how <a data-link-type="dfn" href="#policies" id="ref-for-policies④">policies</a> can be created.</p>
   <p class="note" role="note"><span>Note:</span> Using CSP mechanisms allows the authors to prepare their application for enforcing Trusted Types
via using the <code class="idl"><a data-link-type="idl">Content-Security-Report-Only</a></code> HTTP Response header.</p>
   <p class="note" role="note"><span>Note:</span> Most of the enforcement rules are defined as modifications of the
algorithms in other specifications, see <a href="#integrations">§ 4 Integrations</a>.</p>
   <h4 class="heading settled" data-level="2.4.2" id="!trustedtypes-extended-attribute"><span class="secno">2.4.2. </span><span class="content">TrustedTypes extended attribute</span><a class="self-link" href="#!trustedtypes-extended-attribute"></a></h4>
   <p class="note" role="note"><span>Note:</span> This section describes the implementation details of the Trusted Types mechanism. IDL extended attributes are not exposed to the JavasScript code.</p>
   <p>To annotate the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①⑧">injection sink</a> functions that require Trusted Types, we introduce <dfn class="dfn-paneled idl-code" data-dfn-type="extended-attribute" data-export data-lt="TrustedTypes" data-x="TrustedTypes" id="extendedattrdef-trustedtypes"><code>[TrustedTypes]</code></dfn> IDL <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-extended-attribute" id="ref-for-dfn-extended-attribute">extended attribute</a>. Its presence indicates that the relevant construct is to be supplemented with additional
Trusted Types enforcement logic.</p>
   <p>The <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes④">TrustedTypes</a></code> extended attribute <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-xattr-identifier" id="ref-for-dfn-xattr-identifier">takes an identifier</a> as an argument.
The only valid values for the identifier are <code class="idl"><a data-link-type="idl" href="#trustedhtml" id="ref-for-trustedhtml⑥">TrustedHTML</a></code>, <code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript⑤">TrustedScript</a></code>, or <code class="idl"><a data-link-type="idl" href="#trustedscripturl" id="ref-for-trustedscripturl②">TrustedScriptURL</a></code>.
This extended attribute must not appear on anything other than an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-attribute" id="ref-for-dfn-attribute③">attribute</a> or an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-operation" id="ref-for-dfn-operation">operation</a> argument.
Additionally, it must not appear on <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-read-only" id="ref-for-dfn-read-only">read only</a> attributes.</p>
   <p>When the extended attribute appears on an attribute, the setter for that attribute must run the following steps in place of the ones specified in its description:</p>
   <ol>
    <li data-md>
     <p>If <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object②">context object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global①">relevant global object</a> has a <a data-link-type="dfn" href="#window-trusted-type-policy-factory" id="ref-for-window-trusted-type-policy-factory">trusted type policy factory</a>:</p>
     <p class="issue" id="issue-b92c7a17"><a class="self-link" href="#issue-b92c7a17"></a> Update when workers have TT.</p>
     <ol>
      <li data-md>
       <p>If the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object③">context object</a> is an <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element④">Element</a></code>, let <var>objectName</var> be the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object④">context object</a>'s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-local-name" id="ref-for-concept-element-local-name">local name</a>; Otherwise, let <var>objectName</var> be the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object⑤">context object</a>'s constructor name.</p>
      <li data-md>
       <p>Set <var>sink</var> to the result of <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#string-concatenate" id="ref-for-string-concatenate">concatenating</a> the list « <var>objectName</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-attribute" id="ref-for-dfn-attribute④">attribute</a> identifier. » with <code>"."</code> as <var>separator</var>.</p>
       <div class="example" id="extended-attribute-attribute-example">
        <a class="self-link" href="#extended-attribute-attribute-example"></a> For example, the following annotation and JavaScript code: 
<pre class="highlight"><c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <c- g>HTMLScriptElement</c-> {
  [<c- g>CEReactions</c->, <c- g>TrustedTypes</c->=<c- n>TrustedScriptURL</c->] <c- b>attribute</c-> <c- n>ScriptURLString</c-> <c- g>src</c->;
};
</pre>
<pre class="highlight">document<c- p>.</c->createElement<c- p>(</c-><c- t>'script'</c-><c- p>).</c->src <c- o>=</c-> foo<c- p>;</c->
document<c- p>.</c->createElement<c- p>(</c-><c- t>'script'</c-><c- p>).</c->setAttribute<c- p>(</c-><c- t>'SrC'</c-><c- p>,</c-> foo<c- p>);</c->
</pre>
        <p>causes the <var>sink</var> value to be <code>"script.src"</code>.</p>
       </div>
      <li data-md>
       <p>Set <var>value</var> to the result of running the <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string">Get Trusted Type compliant string</a> algorithm, passing the following arguments:</p>
       <ul>
        <li data-md>
         <p>the new value as <var>input</var>,</p>
        <li data-md>
         <p><code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑤">TrustedTypes</a></code> extended attribute identifier as <var>expectedType</var>,</p>
        <li data-md>
         <p><var>sink</var> as <var>sink</var>,</p>
        <li data-md>
         <p><code>'script'</code> as <var>sinkGroup</var>,</p>
        <li data-md>
         <p><a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object⑥">context object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global②">relevant global object</a> as <var>global</var>.</p>
       </ul>
       <p class="issue" id="issue-adaa63a4"><a class="self-link" href="#issue-adaa63a4"></a> Remove hardcoding 'script' when new sink groups are specified.</p>
      <li data-md>
       <p>If an exception was thrown, rethrow exception and abort further steps.</p>
     </ol>
    <li data-md>
     <p>Run the originally specified steps for this construct, using <var>value</var> as a new value to set.</p>
   </ol>
   <p class="note" role="note"><span>Note:</span> If the IDL attribute <a data-link-type="dfn">reflects</a> a content attribute, identical steps should be performed when that content attribute is modified by JavaScript code e.g. via <code>Element.setAttribute()</code> function.</p>
   <p>When the extended attribute appears on an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-operation" id="ref-for-dfn-operation①">operation</a> argument, before its operation is invoked, run the following steps:</p>
   <ol>
    <li data-md>
     <p>If <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object⑦">context object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global③">relevant global object</a> has a <a data-link-type="dfn" href="#window-trusted-type-policy-factory" id="ref-for-window-trusted-type-policy-factory①">trusted type policy factory</a>:</p>
     <p class="issue" id="issue-b92c7a17①"><a class="self-link" href="#issue-b92c7a17①"></a> Update when workers have TT.</p>
     <ol>
      <li data-md>
       <p>If the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object⑧">context object</a> is an <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element⑤">Element</a></code>, let <var>objectName</var> be the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object⑨">context object</a>'s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-local-name" id="ref-for-concept-element-local-name①">local name</a>; Otherwise, let <var>objectName</var> be the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object①⓪">context object</a>'s constructor name.</p>
      <li data-md>
       <p>Set <var>sink</var> to the result of <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#string-concatenate" id="ref-for-string-concatenate①">concatenating</a> the list « <var>objectName</var>, <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-operation" id="ref-for-dfn-operation②">operation</a> identifier. » with <code>"."</code> as <var>separator</var>.</p>
       <div class="example" id="extended-attribute-operation-example">
        <a class="self-link" href="#extended-attribute-operation-example"></a> For example, the following annotation and JavaScript code: 
<pre class="highlight"><c- b>partial</c-> <c- b>interface</c-> <c- g>Element</c-> {
  <c- b>void</c-> <c- g>insertAdjacentHTML</c->(<c- b>DOMString</c-> <c- g>position</c->, [<c- g>TrustedTypes</c->=<c- n>TrustedHTML</c->] <c- n>HTMLString</c-> <c- g>text</c->);
};
</pre>
<pre class="highlight">document<c- p>.</c->createElement<c- p>(</c-><c- t>'a'</c-><c- p>).</c->insertAdjacentHTML<c- p>(</c-><c- t>'beforebegin'</c-><c- p>,</c-> foo<c- p>);</c->
</pre>
        <p>causes the <var>sink</var> value to be <code>"a.insertAdjacentHTML"</code>.</p>
       </div>
      <li data-md>
       <p>Set the new argument value to the result of running the <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string①">Get Trusted Type compliant string</a> algorithm, passing the following arguments:</p>
       <ul>
        <li data-md>
         <p>the argument value as <var>input</var>,</p>
        <li data-md>
         <p><code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑥">TrustedTypes</a></code> extended attribute identifier as <var>expectedType</var>,</p>
        <li data-md>
         <p><var>sink</var> as <var>sink</var>,</p>
        <li data-md>
         <p><code>'script'</code> as <var>sinkGroup</var>,</p>
        <li data-md>
         <p><a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object①①">context object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global④">relevant global object</a> as <var>global</var>.</p>
       </ul>
       <p class="issue" id="issue-672bcf0f"><a class="self-link" href="#issue-672bcf0f"></a> Remove hardcoding 'script' when new sink types are specified.</p>
      <li data-md>
       <p>If an exception was thrown, rethrow exception and abort further steps.</p>
     </ol>
    <li data-md>
     <p>Invoke the originally specified steps for the operation.</p>
   </ol>
   <h2 class="heading settled" data-level="3" id="algorithms"><span class="secno">3. </span><span class="content">Algorithms</span><a class="self-link" href="#algorithms"></a></h2>
   <h3 class="heading settled" data-level="3.1" id="create-trusted-type-policy-algorithm"><span class="secno">3.1. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-create-a-trusted-type-policy">Create a Trusted Type Policy</dfn></span><a class="self-link" href="#create-trusted-type-policy-algorithm"></a></h3>
   <p>To create a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy⑨">TrustedTypePolicy</a></code>, given a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicyfactory" id="ref-for-trustedtypepolicyfactory">TrustedTypePolicyFactory</a></code> (<var>factory</var>),
a string (<var>policyName</var>), <code class="idl"><a data-link-type="idl" href="#dictdef-trustedtypepolicyoptions" id="ref-for-dictdef-trustedtypepolicyoptions③">TrustedTypePolicyOptions</a></code> dictionary (<var>options</var>), and a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global">global object</a> (<var>global</var>) run these steps:</p>
   <ol>
    <li data-md>
     <p>Let <var>allowedByCSP</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy" id="ref-for-abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy">Should Trusted Type policy
creation be blocked by Content Security Policy?</a> algorithm with <var>global</var>, <var>policyName</var> and <var>factory</var>’s <code>[[CreatedPolicyNames]]</code> slot value.</p>
    <li data-md>
     <p>If <var>allowedByCSP</var> is <code>"Blocked"</code>, throw a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror">TypeError</a></code> and abort further steps.</p>
    <li data-md>
     <p>If <var>policyName</var> is <code>default</code> and the <var>factory</var>’s <code>[[DefaultPolicy]]</code> slot
value is not empty, throw a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror①">TypeError</a></code> and abort further steps.</p>
    <li data-md>
     <p>Let <var>policy</var> be a new <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy①⓪">TrustedTypePolicy</a></code> object.</p>
    <li data-md>
     <p>Set <var>policy</var>’s <code>name</code> property value to <var>policyName</var>.</p>
    <li data-md>
     <p>Let <var>policyOptions</var> be a new <code class="idl"><a data-link-type="idl" href="#dictdef-trustedtypepolicyoptions" id="ref-for-dictdef-trustedtypepolicyoptions④">TrustedTypePolicyOptions</a></code> object.</p>
    <li data-md>
     <p>Set <var>policyOptions</var> <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicy-createhtml" id="ref-for-dom-trustedtypepolicy-createhtml②">createHTML</a></code> property to <var>option</var>’s <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicyoptions-createhtml" id="ref-for-dom-trustedtypepolicyoptions-createhtml">createHTML</a></code> property value.</p>
    <li data-md>
     <p>Set <var>policyOptions</var> <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicy-createscript" id="ref-for-dom-trustedtypepolicy-createscript②">createScript</a></code> property to <var>option</var>’s <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicyoptions-createscript" id="ref-for-dom-trustedtypepolicyoptions-createscript">createScript</a></code> property value.</p>
    <li data-md>
     <p>Set <var>policyOptions</var> <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicy-createscripturl" id="ref-for-dom-trustedtypepolicy-createscripturl②">createScriptURL</a></code> property to <var>option</var>’s <code class="idl"><a data-link-type="idl" href="#dom-trustedtypepolicyoptions-createscripturl" id="ref-for-dom-trustedtypepolicyoptions-createscripturl">createScriptURL</a></code> property value.</p>
    <li data-md>
     <p>Set <var>policy</var>’s <code>[[options]]</code> internal slot value to <em>policyOptions</em>.</p>
    <li data-md>
     <p>If the <var>policyName</var> is <code>default</code>, set the <var>factory</var>’s <code>[[DefaultPolicy]]</code> slot value to <var>policy</var>.</p>
    <li data-md>
     <p>Append <var>policyName</var> to <var>factory</var>’s <code>[[CreatedPolicyNames]]</code>.</p>
    <li data-md>
     <p>Return <var>policy</var>.</p>
   </ol>
   <h3 class="heading settled" data-level="3.2" id="create-a-trusted-type-algorithm"><span class="secno">3.2. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-create-a-trusted-type">Create a Trusted Type</dfn></span><a class="self-link" href="#create-a-trusted-type-algorithm"></a></h3>
   <p>Given a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy①①">TrustedTypePolicy</a></code> <var>policy</var>, a type name <var>trustedTypeName</var>,
a string <var>value</var> and a list <var>arguments</var>, execute the following steps:</p>
   <ol>
    <li data-md>
     <p>Let <var>functionName</var> be a function name for the given <var>trustedTypeName</var>,
based on the following table:</p>
     <table>
      <tbody>
       <tr>
        <th>Function name
        <th>Trusted Type name 
       <tr>
        <td>"createHTML"
        <td>"TrustedHTML"
       <tr>
        <td>"createScript"
        <td>"TrustedScript"
       <tr>
        <td>"createScriptURL"
        <td>"TrustedScriptURL"
     </table>
    <li data-md>
     <p>Let <var>options</var> be the value of <var>policy</var>’s <code>[[options]]</code> slot.</p>
    <li data-md>
     <p>Let <var>function</var> be the value of the property in <var>options</var> named <var>functionName</var>.</p>
    <li data-md>
     <p>If <var>function</var> is <code>null</code>, throw a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror②">TypeError</a></code>.</p>
    <li data-md>
     <p>Let <var>policyValue</var> be the result of invoking <var>function</var> with <var>value</var> as a first argument, items of <var>arguments</var> as subsequent arguments,
and <a href="https://tc39.github.io/ecma262/#sec-method">callback **this** value</a> set to <code>null</code>.</p>
    <li data-md>
     <p>If <var>policyValue</var> is an error, return <var>policyValue</var> and abort the following steps.</p>
    <li data-md>
     <p>If <var>policy</var>’s <a data-link-type="dfn" href="#trustedtypepolicy-name" id="ref-for-trustedtypepolicy-name①">name</a> is <code>"default"</code> and the <var>policyValue</var> is null or undefined, return <var>policyValue</var>.</p>
     <p class="note" role="note"><span>Note:</span> This is used in a <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string②">Get Trusted Type compliant string</a> algorithm to signal that
a value was rejected.</p>
    <li data-md>
     <p>Let <var>dataString</var> be the result of stringifying <var>policyValue</var>.</p>
    <li data-md>
     <p>Let <var>trustedObject</var> be a new instance of an interface with a type
name <var>trustedTypeName</var>, with its <code>[[Data]]</code> internal slot value
set to <var>dataString</var>.</p>
    <li data-md>
     <p>Return <var>trustedObject</var>.</p>
   </ol>
   <h3 class="heading settled" data-level="3.3" id="get-trusted-type-compliant-string-algorithm"><span class="secno">3.3. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-get-trusted-type-compliant-string">Get Trusted Type compliant string</dfn></span><a class="self-link" href="#get-trusted-type-compliant-string-algorithm"></a></h3>
   <p>This algorithm will return a string that can be used with an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink①⑨">injection sink</a>, optionally unwrapping it from a matching <a data-link-type="dfn" href="#trusted-type" id="ref-for-trusted-type④">Trusted Type</a>.
It will ensure that the Trusted Type <a data-link-type="dfn" href="#enforcement" id="ref-for-enforcement⑥">enforcement</a> rules were respected.</p>
   <p>Given a <code class="idl"><a data-link-type="idl" href="#typedefdef-trustedtype" id="ref-for-typedefdef-trustedtype">TrustedType</a></code> type (<var>expectedType</var>), a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global①">global object</a> (<var>global</var>), <code class="idl"><a data-link-type="idl" href="#typedefdef-trustedtype" id="ref-for-typedefdef-trustedtype①">TrustedType</a></code> or a string (<var>input</var>), a string (<var>sink</var>) and a string (<var>sinkGroup</var>), run these steps:</p>
   <ol>
    <li data-md>
     <p class="assertion">Assert: <var>global</var> is a <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window">Window</a></code>.</p>
     <p class="issue" id="issue-74c24ff1"><a class="self-link" href="#issue-74c24ff1"></a> Synchronize when TT are added to workers (perhaps use "has a CSP list"?)</p>
    <li data-md>
     <p>Let <var>cspList</var> be the <var>global</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/dom.html#concept-document-csp-list" id="ref-for-concept-document-csp-list">CSP list</a>.</p>
    <li data-md>
     <p>If <var>cspList</var> does not contain a <a href="https://www.w3.org/TR/CSP3/#content-security-policy-object">policy</a> which <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#policy-directive-set" id="ref-for-policy-directive-set">directive set</a> containing a <a href="https://www.w3.org/TR/CSP3/#directives">directive</a> with a name <code>"require-trusted-types-for"</code>,
or that directive does not contain a <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group③">trusted-types-sink-group</a> which is a match for a value <var>sinkGroup</var>,
return stringified <var>input</var> and abort these steps.</p>
    <li data-md>
     <p>If <var>input</var> has type <var>expectedType</var>, return stringified <var>input</var> and abort these steps.</p>
    <li data-md>
     <p>Let <var>convertedInput</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-process-value-with-a-default-policy" id="ref-for-abstract-opdef-process-value-with-a-default-policy">Process value with a default policy</a> with the same arguments as this algorithm.</p>
    <li data-md>
     <p>If the algorithm threw an error, rethrow the error and abort the following steps.</p>
    <li data-md>
     <p>If <var>convertedInput</var> is <code>null</code> or <code>undefined</code>, execute the following steps:</p>
     <ol>
      <li data-md>
       <p>Let <var>disposition</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy" id="ref-for-abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy">Should sink type mismatch violation be blocked by Content Security Policy?</a> algorithm,
passing <var>global</var>, <var>input</var> as <var>source</var>, <var>sinkGroup</var> and <var>sink</var>.</p>
      <li data-md>
       <p>If <var>disposition</var> is <code>“Allowed”</code>, return stringified <var>input</var> and abort futher steps.</p>
       <p class="note" role="note"><span>Note:</span> This step assures that the default policy rejection will be reported, but ignored in a report-only mode.</p>
      <li data-md>
       <p>Throw a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror③">TypeError</a></code> and abort further steps.</p>
     </ol>
    <li data-md>
     <p class="assertion">Assert: <var>convertedInput</var> has type <var>expectedType</var>.</p>
    <li data-md>
     <p>Return stringified <var>convertedInput</var>.</p>
   </ol>
   <h3 class="heading settled" data-level="3.4" id="process-value-with-a-default-policy-algorithm"><span class="secno">3.4. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-process-value-with-a-default-policy">Process value with a default policy</dfn></span><a class="self-link" href="#process-value-with-a-default-policy-algorithm"></a></h3>
   <p>This algorithm routes a value to be assigned to an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②⓪">injection sink</a> through a default policy, should one exist.</p>
   <p>Given a <code class="idl"><a data-link-type="idl" href="#typedefdef-trustedtype" id="ref-for-typedefdef-trustedtype②">TrustedType</a></code> type (<var>expectedType</var>), a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global②">global object</a> (<var>global</var>), <code class="idl"><a data-link-type="idl" href="#typedefdef-trustedtype" id="ref-for-typedefdef-trustedtype③">TrustedType</a></code> or a string (<var>input</var>), and a string (<var>sink</var>), run these steps:</p>
   <ol>
    <li data-md>
     <p>Let <var>defaultPolicy</var> be the value of <var>global</var>’s <a data-link-type="dfn" href="#window-trusted-type-policy-factory" id="ref-for-window-trusted-type-policy-factory②">trusted type policy factory</a>'s <code>[[DefaultPolicy]]</code> slot. If the slot is empty, return <code>null</code>.</p>
    <li data-md>
     <p>Let <var>convertedInput</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-create-a-trusted-type" id="ref-for-abstract-opdef-create-a-trusted-type③">Create a
Trusted Type</a> algorithm, with the following arguments:</p>
     <ul>
      <li data-md>
       <p><var>defaultPolicy</var> as <var>policy</var></p>
      <li data-md>
       <p><var>input</var> as <var>value</var></p>
      <li data-md>
       <p><var>expectedType</var>’s type name as <var>trustedTypeName</var></p>
      <li data-md>
       <p>« <var>sink</var> » as <var>arguments</var></p>
     </ul>
    <li data-md>
     <p>If the algorithm threw an error, rethrow it. Otherwise, return <var>convertedInput</var>.</p>
   </ol>
   <h3 class="heading settled" data-level="3.5" id="prepare-script-url-and-text"><span class="secno">3.5. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-prepare-the-script-url-and-text">Prepare the script URL and text</dfn></span><a class="self-link" href="#prepare-script-url-and-text"></a></h3>
   <p>Given a <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#dom-requestdestination-script" id="ref-for-dom-requestdestination-script">script</a></code> (<var>script</var>), this algorithm performs the following steps:</p>
   <ol>
    <li data-md>
     <p>If <var>script</var> does not have a <code class="idl"><a data-link-type="idl">src</a></code> content attribute, set its <code class="idl"><a data-link-type="idl">[[ScriptURL]]</a></code> internal slot value to <code>null</code>.</p>
    <li data-md>
     <p>Otherwise, if <var>script</var>’s <code class="idl"><a data-link-type="idl">[[ScriptURL]]</a></code> internal slot value is not equal to its <code class="idl"><a data-link-type="idl">src</a></code> attribute value,
set <var>script</var>’s <code class="idl"><a data-link-type="idl">[[ScriptURL]]</a></code> to the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string③">Get Trusted Type compliant string</a>, with the following arguments:</p>
     <ul>
      <li data-md>
       <p><code class="idl"><a data-link-type="idl" href="#trustedscripturl" id="ref-for-trustedscripturl③">TrustedScriptURL</a></code> as <var>expectedType</var>,</p>
      <li data-md>
       <p><var>script</var>’s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document①">Document</a></code>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global⑤">relevant global object</a> as <var>global</var>,</p>
      <li data-md>
       <p><var>script</var>’s <code class="idl"><a data-link-type="idl">src</a></code> attribute value as <var>input</var>,</p>
      <li data-md>
       <p><code>script.src</code> as <var>sink</var>,</p>
      <li data-md>
       <p><code>'script'</code> as <var>sinkGroup</var>.</p>
     </ul>
     <p>If the algorithm threw an error, rethrow the error and abort further steps.</p>
    <li data-md>
     <p>If <var>script</var>’s <code class="idl"><a data-link-type="idl">[[ScriptText]]</a></code> internal slot value is not equal to its <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-child-text-content" id="ref-for-concept-child-text-content">child text content</a>,
set <var>script</var>’s <code class="idl"><a data-link-type="idl">[[ScriptText]]</a></code> to the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string④">Get Trusted Type compliant string</a>, with the following arguments:</p>
     <ul>
      <li data-md>
       <p><code class="idl"><a data-link-type="idl" href="#trustedscripturl" id="ref-for-trustedscripturl④">TrustedScriptURL</a></code> as <var>expectedType</var>,</p>
      <li data-md>
       <p><var>script</var>’s <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document②">Document</a></code>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global⑥">relevant global object</a> as <var>global</var>,</p>
      <li data-md>
       <p><var>script</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-child-text-content" id="ref-for-concept-child-text-content①">child text content</a> attribute value,</p>
      <li data-md>
       <p><code>script.text</code> as <var>sink</var>,</p>
      <li data-md>
       <p><code>'script'</code> as <var>sinkGroup</var>.</p>
     </ul>
     <p>If the algorithm threw an error, rethrow the error.</p>
   </ol>
   <h2 class="heading settled" data-level="4" id="integrations"><span class="secno">4. </span><span class="content">Integrations</span><a class="self-link" href="#integrations"></a></h2>
<pre class="idl highlight def"><c- b>typedef</c-> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②⓪"><c- b>DOMString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑦"><c- n>TrustedHTML</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-htmlstring"><code><c- g>HTMLString</c-></code></dfn>;
<c- b>typedef</c-> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②①"><c- b>DOMString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑥"><c- n>TrustedScript</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-scriptstring"><code><c- g>ScriptString</c-></code></dfn>;
<c- b>typedef</c-> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①"><c- b>USVString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑤"><c- n>TrustedScriptURL</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-scripturlstring"><code><c- g>ScriptURLString</c-></code></dfn>;
<c- b>typedef</c-> (<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑧"><c- n>TrustedHTML</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑦"><c- n>TrustedScript</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑥"><c- n>TrustedScriptURL</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-trustedtype"><code><c- g>TrustedType</c-></code></dfn>;

<c- b>typedef</c-> (([<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#TreatNullAs" id="ref-for-TreatNullAs"><c- g>TreatNullAs</c-></a>=<a class="n" data-link-type="idl-name"><c- n>EmptyString</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②②"><c- b>DOMString</c-></a>) <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑨"><c- n>TrustedHTML</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-htmlstringdefaultsempty"><code><c- g>HTMLStringDefaultsEmpty</c-></code></dfn>;
</pre>
   <p class="note" role="note"><span>Note:</span> <code class="idl"><a data-link-type="idl" href="#typedefdef-htmlstringdefaultsempty" id="ref-for-typedefdef-htmlstringdefaultsempty">HTMLStringDefaultsEmpty</a></code> is a non-nullable variant that accepts <em>null</em> on set.
Having this separate type allows <a href="https://heycam.github.io/webidl/#TreatNullAs">Web IDL §3.3.22 [TreatNullAs]</a> to attach to DOMString
per heycam/webidl#441.</p>
   <p class="issue" id="issue-52d7d8d6"><a class="self-link" href="#issue-52d7d8d6"></a> <a href="https://heycam.github.io/webidl/#TreatNullAs">TreatNullAs=EmptyString</a> is confusing.
See note "It should not be used in specifications unless ...".
For some sinks a <code>null</code> value will result in "", and "null" for others.
This already caused problems in the polyfill. <a href="https://github.com/w3c/webappsec-trusted-types/issues/2">&lt;https://github.com/w3c/webappsec-trusted-types/issues/2></a></p>
   <h3 class="heading settled" data-level="4.1" id="integration-with-html"><span class="secno">4.1. </span><span class="content">Integration with HTML</span><a class="self-link" href="#integration-with-html"></a></h3>
   <p><code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window①">Window</a></code> objects have a <dfn class="dfn-paneled" data-dfn-for="Window" data-dfn-type="dfn" data-noexport id="window-trusted-type-policy-factory">trusted type policy factory</dfn>,
which is a <code class="idl"><a data-link-type="idl" href="#trustedtypepolicyfactory" id="ref-for-trustedtypepolicyfactory①">TrustedTypePolicyFactory</a></code> object.</p>
   <p class="issue" id="issue-a5679137"><a class="self-link" href="#issue-a5679137"></a> Define for workers.</p>
   <h4 class="heading settled" data-level="4.1.1" id="extensions-to-the-window-interface"><span class="secno">4.1.1. </span><span class="content">Extensions to the Window interface</span><a class="self-link" href="#extensions-to-the-window-interface"></a></h4>
   <p>This document extends the <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window②">Window</a></code> interface defined by <a data-link-type="biblio" href="#biblio-html5">HTML</a>:</p>
<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window③"><c- g>Window</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①①"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c->
      <a class="n" data-link-type="idl-name" href="#trustedtypepolicyfactory" id="ref-for-trustedtypepolicyfactory②"><c- n>TrustedTypePolicyFactory</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="Window" data-dfn-type="attribute" data-export data-readonly data-type="TrustedTypePolicyFactory" id="dom-window-trustedtypes"><code><c- g>trustedTypes</c-></code></dfn>;
};
</pre>
   <p><code class="idl"><a data-link-type="idl" href="#dom-window-trustedtypes" id="ref-for-dom-window-trustedtypes①">trustedTypes</a></code> returns the <a href="#integration-with-html">trusted
type policy factory</a> of the current <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window④">Window</a></code>.</p>
   <p class="note" role="note"><span>Note:</span> The implementation in Chrome &lt; 78 uses <code>window.TrustedTypes</code> instead
      of <code>window.trustedTypes</code>.</p>
   <p class="issue" id="issue-3d9ee9e6"><a class="self-link" href="#issue-3d9ee9e6"></a> Remove the note when the API in Chrome is shipped.</p>
   <h4 class="heading settled" data-level="4.1.2" id="extensions-to-the-document-interface"><span class="secno">4.1.2. </span><span class="content">Extensions to the Document interface</span><a class="self-link" href="#extensions-to-the-document-interface"></a></h4>
   <p>This document modifies the <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#document" id="ref-for-document③">Document</a></code> interface defined by <a data-link-type="biblio" href="#biblio-html5">HTML</a>:</p>
<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#document" id="ref-for-document④"><c- g>Document</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions"><c- g>CEReactions</c-></a>] <c- b>void</c-> <dfn class="dfn-paneled idl-code" data-dfn-for="Document" data-dfn-type="method" data-export data-lt="write(...text)|write()" id="dom-document-write"><code><c- g>write</c-></code></dfn>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑦"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⓪"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring"><c- n>HTMLString</c-></a>... <dfn class="idl-code" data-dfn-for="Document/write(...text), Document/write()" data-dfn-type="argument" data-export id="dom-document-write-text-text"><code><c- g>text</c-></code><a class="self-link" href="#dom-document-write-text-text"></a></dfn>);
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①"><c- g>CEReactions</c-></a>] <c- b>void</c-> <dfn class="idl-code" data-dfn-for="Document" data-dfn-type="method" data-export data-lt="writeln(...text)|writeln()" id="dom-document-writeln"><code><c- g>writeln</c-></code><a class="self-link" href="#dom-document-writeln"></a></dfn>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑧"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①①"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring①"><c- n>HTMLString</c-></a>... <dfn class="idl-code" data-dfn-for="Document/writeln(...text), Document/writeln()" data-dfn-type="argument" data-export id="dom-document-writeln-text-text"><code><c- g>text</c-></code><a class="self-link" href="#dom-document-writeln-text-text"></a></dfn>);
};
</pre>
   <h4 class="heading settled" data-level="4.1.3" id="enfocement-in-scripts"><span class="secno">4.1.3. </span><span class="content">Enforcement for scripts</span><a class="self-link" href="#enfocement-in-scripts"></a></h4>
   <h5 class="heading settled" data-level="4.1.3.1" id="slots-with-trusted-values"><span class="secno">4.1.3.1. </span><span class="content">Slots with trusted values</span><a class="self-link" href="#slots-with-trusted-values"></a></h5>
   <p>This document modifies <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#dom-requestdestination-script" id="ref-for-dom-requestdestination-script①">script</a></code> elements. Each script has:</p>
   <dl>
    <dt data-md><dfn data-dfn-for="script" data-dfn-type="dfn" data-noexport id="script-scripturl"><code>[[ScriptURL]]</code><a class="self-link" href="#script-scripturl"></a></dfn> internal slot.
    <dd data-md>
     <p>A string, containing the URL to execute the script from
that was set through a <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑨">TrustedTypes</a></code> compliant sink. Equivalent to <code class="idl"><a data-link-type="idl" href="#dom-htmlscriptelement-src" id="ref-for-dom-htmlscriptelement-src①">src</a></code> attribute value. Initially null.</p>
    <dt data-md><dfn data-dfn-for="script" data-dfn-type="dfn" data-noexport id="script-scripttext"><code>[[ScriptText]]</code><a class="self-link" href="#script-scripttext"></a></dfn> internal slot.
    <dd data-md>
     <p>A string, containing the body of the script to execute that was set
through a <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⓪">TrustedTypes</a></code> compliant sink. Equivalent to script’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-child-text-content" id="ref-for-concept-child-text-content②">child text content</a>. Initially null.</p>
   </dl>
   <h5 class="heading settled" data-level="4.1.3.2" id="setting-slot-values"><span class="secno">4.1.3.2. </span><span class="content">Setting slot values</span><a class="self-link" href="#setting-slot-values"></a></h5>
   <p>This document modifies how <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/scripting.html#htmlscriptelement" id="ref-for-htmlscriptelement">HTMLScriptElement</a></code> <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-child-text-content" id="ref-for-concept-child-text-content③">child text content</a> can be set to allow applications to control dynamically created scripts. It does so by
adding the <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/dom.html#dom-innertext" id="ref-for-dom-innertext">innerText</a></code> and <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#dom-node-textcontent" id="ref-for-dom-node-textcontent">textContent</a></code> attributes directly on <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/scripting.html#htmlscriptelement" id="ref-for-htmlscriptelement①">HTMLScriptElement</a></code>. The behavior of the attributes remains the same
as in their original counterparts, apart from additional behavior triggered by the <code class="idl"><a data-link-type="idl" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①①">TrustedTypes</a></code> extended attribute presence.</p>
   <p class="note" role="note"><span>Note:</span> Using these IDL attributes is the recommended way of dynamically setting URL or a text of a script. Manipulating attribute nodes or text nodes directly will call a default policy on the final value when the script is prepared.</p>
   <p class="issue" id="issue-62c0f2c6"><a class="self-link" href="#issue-62c0f2c6"></a> Figure out what to do with script.setAttribute('src'). See <a href="https://github.com/whatwg/dom/issues/789">DOM#789</a>.</p>
<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/scripting.html#htmlscriptelement" id="ref-for-htmlscriptelement②"><c- g>HTMLScriptElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement"><c- n>HTMLElement</c-></a> {
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions②"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①②"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑧"><c- n>TrustedScript</c-></a>] <c- b>attribute</c-> [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#TreatNullAs" id="ref-for-TreatNullAs①"><c- g>TreatNullAs</c-></a>=<a class="n" data-link-type="idl-name"><c- n>EmptyString</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring"><c- n>ScriptString</c-></a> <dfn class="idl-code" data-dfn-for="HTMLScriptElement" data-dfn-type="attribute" data-export data-type="[TreatNullAs=EmptyString] ScriptString" id="dom-htmlscriptelement-innertext"><code><c- g>innerText</c-></code><a class="self-link" href="#dom-htmlscriptelement-innertext"></a></dfn>;
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions③"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①③"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑨"><c- n>TrustedScript</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring①"><c- n>ScriptString</c-></a>? <dfn class="idl-code" data-dfn-for="HTMLScriptElement" data-dfn-type="attribute" data-export data-type="ScriptString?" id="dom-htmlscriptelement-textcontent"><code><c- g>textContent</c-></code><a class="self-link" href="#dom-htmlscriptelement-textcontent"></a></dfn>;
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions④"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①④"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑦"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring"><c- n>ScriptURLString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="HTMLScriptElement" data-dfn-type="attribute" data-export data-type="ScriptURLString" id="dom-htmlscriptelement-src"><code><c- g>src</c-></code></dfn>;
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑤"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑤"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript①⓪"><c- n>TrustedScript</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring②"><c- n>ScriptString</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="HTMLScriptElement" data-dfn-type="attribute" data-export data-type="ScriptString" id="dom-htmlscriptelement-text"><code><c- g>text</c-></code></dfn>;
};
</pre>
   <p>On setting, the <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/dom.html#dom-innertext" id="ref-for-dom-innertext①">innerText</a></code>, <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#dom-node-textcontent" id="ref-for-dom-node-textcontent①">textContent</a></code> and <code class="idl"><a data-link-type="idl" href="#dom-htmlscriptelement-text" id="ref-for-dom-htmlscriptelement-text①">text</a></code> IDL attributes perform the regular steps, and then set <a data-link-type="dfn">content object</a>'s <code class="idl"><a data-link-type="idl">[[ScriptText]]</a></code> internal slot value with the stringified value.</p>
   <p>On setting, the <code class="idl"><a data-link-type="idl" href="#dom-htmlscriptelement-src" id="ref-for-dom-htmlscriptelement-src②">src</a></code> IDL attribute performs the usual steps, and then sets <a data-link-type="dfn">content object</a>'s <code class="idl"><a data-link-type="idl">[[ScriptURL]]</a></code> internal slot value to its <code class="idl"><a data-link-type="idl">src</a></code> content attribute value.</p>
   <h5 class="heading settled" data-level="4.1.3.3" id="slot-value-verification"><span class="secno">4.1.3.3. </span><span class="content">Slot value verification</span><a class="self-link" href="#slot-value-verification"></a></h5>
   <p>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/scripting.html#prepare-a-script" id="ref-for-prepare-a-script">prepare a script</a> algorithm is modified as follows:</p>
   <ol>
    <li>
     <p>If the <code id="script-processing-model:the-script-element-18"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element is marked as having <a href="https://html.spec.whatwg.org/#already-started" id="script-processing-model:already-started">"already started"</a>, then
    return. The script is not executed.</p>
    <li>
     <p>If the element has its <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-3">"parser-inserted"</a> flag set, then set <var>was-parser-inserted</var> to true and unset the element’s <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-4">"parser-inserted"</a> flag. Otherwise, set <var>was-parser-inserted</var> to
    false.</p>
     <p class="note" role="note">This is done so that if parser-inserted <code id="script-processing-model:the-script-element-19"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> elements fail to run
    when the parser tries to run them, e.g. because they are empty or specify an unsupported
    scripting language, another script can later mutate them and cause them to run again.</p>
    <li>
     <p>If <var>was-parser-inserted</var> is true and the element does not have an <code id="script-processing-model:attr-script-async-2"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute, then set the element’s <a href="https://html.spec.whatwg.org/#non-blocking" id="script-processing-model:non-blocking-3">"non-blocking"</a> flag to true.</p>
     <p class="note" role="note">This is done so that if a parser-inserted <code id="script-processing-model:the-script-element-20"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element fails to
    run when the parser tries to run it, but it is later executed after a script dynamically updates
    it, it will execute in a non-blocking fashion even if the <code id="script-processing-model:attr-script-async-3"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute isn’t set.</p>
    <li>
     <ins>Execute the <a data-link-type="abstract-op" href="#abstract-opdef-prepare-the-script-url-and-text" id="ref-for-abstract-opdef-prepare-the-script-url-and-text">Prepare the script URL and text</a> algorithm upon the <code class="idl"><a data-link-type="idl" href="https://fetch.spec.whatwg.org/#dom-requestdestination-script" id="ref-for-dom-requestdestination-script②">script</a></code> element. If that algorithm threw an error, then return. The script is not executed. </ins>
    <li>
     <p>
      Let <var>source text</var> be the element’s 
      <del><a data-x-internal="child-text-content" href="https://dom.spec.whatwg.org/#concept-child-text-content" id="script-processing-model:child-text-content">child text content</a></del>
      <ins><code>[[ScriptText]]</code> internal slot value</ins>
      .
     </p>
    <li>
     <ins>
      <p>Let <var>src</var> be the element’s <code>[[ScriptURL]]</code> internal slot value.</p>
     </ins>
    <li id="script-processing-empty">
     <a class="self-link" href="#script-processing-empty"></a> 
     <p>
      If 
      <del>the element has no <code id="script-processing-model:attr-script-src-3"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute</del>
      <ins><var>src</var> is null</ins>
      , and <var>source
    text</var> is the empty string, then return. The script is not executed.
     </p>
    <li>
     <p>If the element is not <a data-x-internal="connected" href="https://dom.spec.whatwg.org/#connected" id="script-processing-model:connected-3">connected</a>, then return. The script is not
   executed.</p>
    <li id="script-processing-prepare">
     <a class="self-link" href="#script-processing-prepare"></a> 
     <p>If either:</p>
     <ul class="brief">
      <li>the <code id="script-processing-model:the-script-element-21"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has a <code id="script-processing-model:attr-script-type-2"><a href="https://html.spec.whatwg.org/#attr-script-type">type</a></code> attribute
     and its value is the empty string, or
      <li>the <code id="script-processing-model:the-script-element-22"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has no <code id="script-processing-model:attr-script-type-3"><a href="https://html.spec.whatwg.org/#attr-script-type">type</a></code> attribute
     but it has a <code id="script-processing-model:attr-script-language"><a href="https://html.spec.whatwg.org/#attr-script-language">language</a></code> attribute and <em>that</em> attribute’s value is the empty string, or
      <li>the <code id="script-processing-model:the-script-element-23"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has neither a <code id="script-processing-model:attr-script-type-4"><a href="https://html.spec.whatwg.org/#attr-script-type">type</a></code> attribute nor a <code id="script-processing-model:attr-script-language-2"><a href="https://html.spec.whatwg.org/#attr-script-language">language</a></code> attribute, then
     </ul>
     <p>...let <var>the script block’s type string</var> for this <code id="script-processing-model:the-script-element-24"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element be
    "<code>text/javascript</code>".</p>
     <p>Otherwise, if the <code id="script-processing-model:the-script-element-25"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has a <code id="script-processing-model:attr-script-type-5"><a href="https://html.spec.whatwg.org/#attr-script-type">type</a></code> attribute, let <var>the script block’s type string</var> for this <code id="script-processing-model:the-script-element-26"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element be the value of that attribute with <a data-x-internal="strip-leading-and-trailing-ascii-whitespace" href="https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace" id="script-processing-model:strip-leading-and-trailing-ascii-whitespace">leading and trailing ASCII whitespace
    stripped</a>.</p>
     <p>Otherwise, the element has a non-empty <code id="script-processing-model:attr-script-language-3"><a href="https://html.spec.whatwg.org/#attr-script-language">language</a></code> attribute; let <var>the script block’s type string</var> for this <code id="script-processing-model:the-script-element-27"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element
    be the concatenation of the string "<code>text/</code>" followed by the value of the <code id="script-processing-model:attr-script-language-4"><a href="https://html.spec.whatwg.org/#attr-script-language">language</a></code> attribute.</p>
     <p class="note" role="note">The <code id="script-processing-model:attr-script-language-5"><a href="https://html.spec.whatwg.org/#attr-script-language">language</a></code> attribute is never
    conforming, and is always ignored if there is a <code id="script-processing-model:attr-script-type-6"><a href="https://html.spec.whatwg.org/#attr-script-type">type</a></code> attribute present.</p>
     <p>Determine <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type">the script’s type</a> as follows:</p>
     <ul>
      <li>If <var>the script block’s type string</var> is a <a data-x-internal="javascript-mime-type-essence-match" href="https://mimesniff.spec.whatwg.org/#javascript-mime-type-essence-match" id="script-processing-model:javascript-mime-type-essence-match">JavaScript MIME type essence
     match</a>, <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-2">the script’s type</a> is "<code>classic</code>".
      <li>If <var>the script block’s type string</var> is an <a data-x-internal="ascii-case-insensitive" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="script-processing-model:ascii-case-insensitive">ASCII case-insensitive</a> match for the string "<code>module</code>", <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-3">the
     script’s type</a> is "<code>module</code>".
      <li>If neither of the above conditions are true, then return. No script is executed.
     </ul>
    <li>
     <p>If <var>was-parser-inserted</var> is true, then flag the element as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-5">"parser-inserted"</a> again, and set the element’s <a href="https://html.spec.whatwg.org/#non-blocking" id="script-processing-model:non-blocking-4">"non-blocking"</a> flag to
    false.</p>
    <li id="script-processing-start">
     <a class="self-link" href="#script-processing-start"></a> 
     <p>Set the element’s <a href="https://html.spec.whatwg.org/#already-started" id="script-processing-model:already-started-2">"already started"</a> flag.</p>
    <li>
     <p>If the element is flagged as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-6">"parser-inserted"</a>, but the element’s <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-2">node document</a> is not the <code id="script-processing-model:document"><a href="https://html.spec.whatwg.org/#document">Document</a></code> of the parser that created the
    element, then return.</p>
    <li id="script-processing-noscript">
     <a class="self-link" href="#script-processing-noscript"></a> 
     <p>If <a href="https://html.spec.whatwg.org/#concept-n-noscript" id="script-processing-model:concept-n-noscript">scripting is disabled</a> for the <code id="script-processing-model:the-script-element-28"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element, then return. The script is not executed.</p>
     <p class="note" role="note">The definition of <a href="https://html.spec.whatwg.org/#concept-n-noscript" id="script-processing-model:concept-n-noscript-2">scripting is disabled</a> means that, amongst others, the following scripts will not execute: scripts in <code id="script-processing-model:xmlhttprequest"><a data-x-internal="xmlhttprequest" href="https://xhr.spec.whatwg.org/#xmlhttprequest">XMLHttpRequest</a></code>’s <code id="script-processing-model:dom-xmlhttprequest-responsexml"><a data-x-internal="dom-xmlhttprequest-responsexml" href="https://xhr.spec.whatwg.org/#dom-xmlhttprequest-responsexml">responseXML</a></code> documents, scripts in <code id="script-processing-model:domparser"><a data-x-internal="domparser" href="https://w3c.github.io/DOM-Parsing/#the-domparser-interface">DOMParser</a></code>-created documents, scripts in documents created by <code id="script-processing-model:xsltprocessor"><a href="https://html.spec.whatwg.org/#xsltprocessor">XSLTProcessor</a></code>’s <code id="script-processing-model:dom-xsltprocessor-transformtodocument"><a href="https://html.spec.whatwg.org/#dom-xsltprocessor-transformtodocument">transformToDocument</a></code> feature, and scripts
    that are first inserted by a script into a <code id="script-processing-model:document-2"><a href="https://html.spec.whatwg.org/#document">Document</a></code> that was created using the <code id="script-processing-model:dom-domimplementation-createdocument"><a data-x-internal="dom-domimplementation-createdocument" href="https://dom.spec.whatwg.org/#dom-domimplementation-createdocument">createDocument()</a></code> API. <a href="https://html.spec.whatwg.org/#refsXHR">\[XHR\]</a> <a href="https://html.spec.whatwg.org/#refsDOMPARSING">\[DOMPARSING\]</a> <a href="https://html.spec.whatwg.org/#refsXSLTP">\[XSLTP\]</a> <a href="https://html.spec.whatwg.org/#refsDOM">\[DOM\]</a></p>
    <li>
     <p>If the <code id="script-processing-model:the-script-element-29"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has a <code id="script-processing-model:attr-script-nomodule"><a href="https://html.spec.whatwg.org/#attr-script-nomodule">nomodule</a></code> content attribute and <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-4">the script’s type</a> is "<code>classic</code>", then return. The script is not executed.</p>
     <p class="note" role="note">This means specifying <code id="script-processing-model:attr-script-nomodule-2"><a href="https://html.spec.whatwg.org/#attr-script-nomodule">nomodule</a></code> on a <a href="https://html.spec.whatwg.org/#module-script" id="script-processing-model:module-script">module script</a> has no effect; the algorithm continues onward.</p>
    <li id="script-processing-csp">
     <a class="self-link" href="#script-processing-csp"></a>
     <p>
      If 
      <del>the <code id="script-processing-model:the-script-element-30"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element does not have a <code id="script-processing-model:attr-script-src-4"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> content attribute</del>
      <ins><var>src</var> is null</ins>
      , and the <a data-x-internal="should-element’s-inline-behavior-be-blocked-by-content-security-policy" href="https://w3c.github.io/webappsec-csp/#should-block-inline" id="script-processing-model:should-element’s-inline-behavior-be-blocked-by-content-security-policy">Should element’s inline
   behavior be blocked by Content Security Policy?</a> algorithm returns "<code>Blocked</code>" when executed upon the <code id="script-processing-model:the-script-element-31"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element, "<code>script</code>", and <var>source text</var>, then return. The script is not executed. <a href="https://html.spec.whatwg.org/#refsCSP">\[CSP\]</a>
     </p>
    <li id="script-processing-for">
     <a class="self-link" href="#script-processing-for"></a> 
     <p>If the <code id="script-processing-model:the-script-element-32"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has an <code id="script-processing-model:attr-script-event"><a href="https://html.spec.whatwg.org/#attr-script-event">event</a></code> attribute and a <code id="script-processing-model:attr-script-for"><a href="https://html.spec.whatwg.org/#attr-script-for">for</a></code> attribute, and <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-5">the script’s type</a> is "<code>classic</code>",
    then:</p>
     <ol>
      <li>
       <p>Let <var>for</var> be the value of the <code id="script-processing-model:attr-script-for-2"><a href="https://html.spec.whatwg.org/#attr-script-for">for</a></code> attribute.</p>
      <li>
       <p>Let <var>event</var> be the value of the <code id="script-processing-model:attr-script-event-2"><a href="https://html.spec.whatwg.org/#attr-script-event">event</a></code> attribute.</p>
      <li>
       <p><a data-x-internal="strip-leading-and-trailing-ascii-whitespace" href="https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace" id="script-processing-model:strip-leading-and-trailing-ascii-whitespace-2">Strip leading and trailing ASCII whitespace</a> from <var>event</var> and <var>for</var>.</p>
      <li>
       <p>If <var>for</var> is not an <a data-x-internal="ascii-case-insensitive" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="script-processing-model:ascii-case-insensitive-2">ASCII case-insensitive</a> match for the
     string "<code>window</code>", then return. The script is not executed.</p>
      <li>
       <p>If <var>event</var> is not an <a data-x-internal="ascii-case-insensitive" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="script-processing-model:ascii-case-insensitive-3">ASCII case-insensitive</a> match for
     either the string "<code>onload</code>" or the string "<code>onload()</code>", then return. The script is not executed.</p>
     </ol>
    <li id="script-processing-encoding">
     <a class="self-link" href="#script-processing-encoding"></a> 
     <p>If the <code id="script-processing-model:the-script-element-33"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has a <code id="script-processing-model:attr-script-charset"><a href="https://html.spec.whatwg.org/#attr-script-charset">charset</a></code> attribute, then let <var>encoding</var> be the result of <a data-x-internal="getting-an-encoding" href="https://encoding.spec.whatwg.org/#concept-encoding-get" id="script-processing-model:getting-an-encoding">getting an encoding</a> from
    the value of the <code id="script-processing-model:attr-script-charset-2"><a href="https://html.spec.whatwg.org/#attr-script-charset">charset</a></code> attribute.</p>
     <p>If the <code id="script-processing-model:the-script-element-34"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element does not have a <code id="script-processing-model:attr-script-charset-3"><a href="https://html.spec.whatwg.org/#attr-script-charset">charset</a></code> attribute, or if <a data-x-internal="getting-an-encoding" href="https://encoding.spec.whatwg.org/#concept-encoding-get" id="script-processing-model:getting-an-encoding-2">getting an encoding</a> failed, let <var>encoding</var> be the same as <a data-x-internal="document’s-character-encoding" href="https://dom.spec.whatwg.org/#concept-document-encoding" id="script-processing-model:document’s-character-encoding">the
    encoding</a> of the <code id="script-processing-model:the-script-element-35"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element’s <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-3">node document</a>.</p>
     <p class="note" role="note">If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-6">the script’s type</a> is "<code>module</code>", this encoding will be ignored.</p>
    <li>
     <p>Let <var>classic script CORS setting</var> be the current state of the element’s <code id="script-processing-model:attr-script-crossorigin"><a href="https://html.spec.whatwg.org/#attr-script-crossorigin">crossorigin</a></code> content attribute.</p>
    <li>
     <p>Let <var>module script credentials mode</var> be the <a href="https://html.spec.whatwg.org/#module-script-credentials-mode" id="script-processing-model:module-script-credentials-mode">module script credentials
   mode</a> for the element’s <code id="script-processing-model:attr-script-crossorigin-2"><a href="https://html.spec.whatwg.org/#attr-script-crossorigin">crossorigin</a></code> content
   attribute.</p>
    <li>
     <p>Let <var>cryptographic nonce</var> be the element’s <a href="https://html.spec.whatwg.org/#cryptographicnonce" id="script-processing-model:cryptographicnonce">\[\[CryptographicNonce\]\]</a> internal slot’s value.</p>
    <li>
     <p>If the <code id="script-processing-model:the-script-element-36"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has an <code id="script-processing-model:attr-script-integrity"><a href="https://html.spec.whatwg.org/#attr-script-integrity">integrity</a></code> attribute, then let <var>integrity
    metadata</var> be that attribute’s value.</p>
     <p>Otherwise, let <var>integrity metadata</var> be the empty string.</p>
    <li>
     <p>Let <var>referrer policy</var> be the current state of the element’s <code id="script-processing-model:attr-script-referrerpolicy"><a href="https://html.spec.whatwg.org/#attr-script-referrerpolicy">referrerpolicy</a></code> content attribute.</p>
    <li>
     <p>Let <var>parser metadata</var> be "<code>parser-inserted</code>" if the <code id="script-processing-model:the-script-element-37"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element has been flagged as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-7">"parser-inserted"</a>, and
   "<code>not-parser-inserted</code>" otherwise.</p>
    <li>
     <p>Let <var>options</var> be a <a href="https://html.spec.whatwg.org/#script-fetch-options" id="script-processing-model:script-fetch-options">script fetch options</a> whose <a href="https://html.spec.whatwg.org/#concept-script-fetch-options-nonce" id="script-processing-model:concept-script-fetch-options-nonce">cryptographic nonce</a> is <var>cryptographic
   nonce</var>, <a href="https://html.spec.whatwg.org/#concept-script-fetch-options-integrity" id="script-processing-model:concept-script-fetch-options-integrity">integrity metadata</a> is <var>integrity metadata</var>, <a href="https://html.spec.whatwg.org/#concept-script-fetch-options-parser" id="script-processing-model:concept-script-fetch-options-parser">parser
   metadata</a> is <var>parser metadata</var>, <a href="https://html.spec.whatwg.org/#concept-script-fetch-options-credentials" id="script-processing-model:concept-script-fetch-options-credentials">credentials mode</a> is <var>module script
   credentials mode</var>, and <a href="https://html.spec.whatwg.org/#concept-script-fetch-options-referrer-policy" id="script-processing-model:concept-script-fetch-options-referrer-policy">referrer
   policy</a> is <var>referrer policy</var>.</p>
    <li>
     <p>Let <var>settings object</var> be the element’s <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-4">node document</a>’s <a href="https://html.spec.whatwg.org/#relevant-settings-object" id="script-processing-model:relevant-settings-object">relevant settings object</a>.</p>
    <li id="script-processing-src-prepare">
     <a class="self-link" href="#script-processing-src-prepare"></a> 
     <p>
      If 
      <del>the element has a <code id="script-processing-model:attr-script-src-5"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> content attribute</del>
      <ins><var>src</var> is not null</ins>
      , then:
     </p>
     <ol>
      <li>
       <del>
        <p>Let <var>src</var> be the value of the element’s <code id="script-processing-model:attr-script-src-6"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute.</p>
       </del>
      <li>
       <p>If <var>src</var> is the empty string, <a href="https://html.spec.whatwg.org/#queue-a-task" id="script-processing-model:queue-a-task">queue a task</a> to <a data-x-internal="concept-event-fire" href="https://dom.spec.whatwg.org/#concept-event-fire" id="script-processing-model:concept-event-fire">fire an event</a> named <code id="script-processing-model:event-error"><a href="https://html.spec.whatwg.org/#event-error">error</a></code> at the element, and return.</p>
      <li>
       <p>Set the element’s <a href="https://html.spec.whatwg.org/#concept-script-external" id="script-processing-model:concept-script-external">from an external file</a> flag.</p>
      <li>
       <p><a href="https://html.spec.whatwg.org/#parse-a-url" id="script-processing-model:parse-a-url">Parse</a> <var>src</var> relative to the element’s <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-5">node document</a>.</p>
      <li>
       <p>If the previous step failed, <a href="https://html.spec.whatwg.org/#queue-a-task" id="script-processing-model:queue-a-task-2">queue a task</a> to <a data-x-internal="concept-event-fire" href="https://dom.spec.whatwg.org/#concept-event-fire" id="script-processing-model:concept-event-fire-2">fire an event</a> named <code id="script-processing-model:event-error-2"><a href="https://html.spec.whatwg.org/#event-error">error</a></code> at the element, and return. Otherwise, let <var>url</var> be the <a href="https://html.spec.whatwg.org/#resulting-url-record" id="script-processing-model:resulting-url-record">resulting URL
     record</a>.</p>
      <li>
       <p>Switch on <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-7">the script’s type</a>:</p>
       <dl class="switch">
        <dt>"<code>classic</code>"
        <dd>
         <p><a href="https://html.spec.whatwg.org/#fetch-a-classic-script" id="script-processing-model:fetch-a-classic-script">Fetch a classic script</a> given <var>url</var>, <var>settings object</var>, <var>options</var>, <var>classic script CORS setting</var>, and <var>encoding</var>.</p>
        <dt>"<code>module</code>"
        <dd>
         <p><a href="https://html.spec.whatwg.org/#fetch-a-module-script-tree" id="script-processing-model:fetch-a-module-script-tree">Fetch an external module script graph</a> given <var>url</var>, <var>settings
        object</var>, and <var>options</var>.</p>
       </dl>
       <p>When the chosen algorithm asynchronously completes, set <a href="https://html.spec.whatwg.org/#concept-script-script" id="script-processing-model:concept-script-script">the script’s script</a> to the result. At that time, <a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-2">the script is ready</a>.</p>
       <p>For performance reasons, user agents may start fetching the classic script or module graph
      (as defined above) as soon as the <code id="script-processing-model:attr-script-src-7"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute is set,
      instead, in the hope that the element will be inserted into the document (and that the <code id="script-processing-model:attr-script-crossorigin-3"><a href="https://html.spec.whatwg.org/#attr-script-crossorigin">crossorigin</a></code> attribute won’t change value in the
      meantime). Either way, once the element is <a href="https://html.spec.whatwg.org/#insert-an-element-into-a-document" id="script-processing-model:insert-an-element-into-a-document">inserted into the document</a>, the load must have started as described in this
      step. If the UA performs such prefetching, but the element is never inserted in the document,
      or the <code id="script-processing-model:attr-script-src-8"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute is dynamically changed, or the <code id="script-processing-model:attr-script-crossorigin-4"><a href="https://html.spec.whatwg.org/#attr-script-crossorigin">crossorigin</a></code> attribute is dynamically changed, then the
      user agent will not execute the script so obtained, and the fetching process will have been
      effectively wasted.</p>
     </ol>
    <li id="establish-script-block-source">
     <a class="self-link" href="#establish-script-block-source"></a> 
     <p>
      If 
      <del>the element does not have a <code id="script-processing-model:attr-script-src-9"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> content attribute</del>
      <ins><var>src</var> is null</ins>
      ,
    run these substeps:
     </p>
     <ol>
      <li>
       <p>Let <var>base URL</var> be the <code id="script-processing-model:the-script-element-38"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element’s <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-6">node
     document</a>’s <a href="https://html.spec.whatwg.org/#document-base-url" id="script-processing-model:document-base-url">document base URL</a>.</p>
      <li>
       <p>Switch on <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-8">the script’s type</a>:</p>
       <dl class="switch">
        <dt>"<code>classic</code>"
        <dd>
         <ol>
          <li>
           <p>Let <var>script</var> be the result of <a href="https://html.spec.whatwg.org/#creating-a-classic-script" id="script-processing-model:creating-a-classic-script">creating a classic script</a> using <var>source text</var>, <var>settings object</var>, <var>base URL</var>, and <var>options</var>.</p>
          <li>
           <p>Set <a href="https://html.spec.whatwg.org/#concept-script-script" id="script-processing-model:concept-script-script-2">the script’s script</a> to <var>script</var>.</p>
          <li>
           <p><a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-3">The script is ready</a>.</p>
         </ol>
        <dt>"<code>module</code>"
        <dd>
         <ol>
          <li>
           <p><a href="https://html.spec.whatwg.org/#fetch-an-inline-module-script-graph" id="script-processing-model:fetch-an-inline-module-script-graph">Fetch an inline module script graph</a>, given <var>source text</var>, <var>base URL</var>, <var>settings object</var>, and <var>options</var>. When this
         asynchronously completes, set <a href="https://html.spec.whatwg.org/#concept-script-script" id="script-processing-model:concept-script-script-3">the script’s
         script</a> to the result. At that time, <a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-4">the script is ready</a>.</p>
         </ol>
       </dl>
     </ol>
    <li>
     <p>Then, follow the first of the following options that describes the situation:</p>
     <dl class="switch">
      <dt id="script-processing-defer"><a class="self-link" href="#script-processing-defer"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-9">the script’s
     type</a> is "<code>classic</code>", and the element has a <code id="script-processing-model:attr-script-src-10"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute, and the element has a <code id="script-processing-model:attr-script-defer"><a href="https://html.spec.whatwg.org/#attr-script-defer">defer</a></code> attribute, and the element has been flagged as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-8">"parser-inserted"</a>, and the element does not have an <code id="script-processing-model:attr-script-async-4"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute
      <dt id="script-processing-module-noasync-parser-inserted"><a class="self-link" href="#script-processing-module-noasync-parser-inserted"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-10">the script’s type</a> is "<code>module</code>", and
     the element has been flagged as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-9">"parser-inserted"</a>, and the element does not have
     an <code id="script-processing-model:attr-script-async-5"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute
      <dd>
       <p>Add the element to the end of the <dfn data-dfn-type="dfn" data-lt="list of scripts that will execute when the document has finished parsing" data-noexport id="list-of-scripts-that-will-execute-when-the-document-has-finished-parsing">list of scripts that will execute when the document
      has finished parsing<a class="self-link" href="#list-of-scripts-that-will-execute-when-the-document-has-finished-parsing"></a></dfn> associated with the <code id="script-processing-model:document-3"><a href="https://html.spec.whatwg.org/#document">Document</a></code> of the parser that
      created the element.</p>
       <p>When <a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-5">the script is ready</a>, set the element’s <a href="https://html.spec.whatwg.org/#ready-to-be-parser-executed" id="script-processing-model:ready-to-be-parser-executed">"ready to be
      parser-executed"</a> flag. The parser will handle executing the script.</p>
      <dt id="script-processing-parser-inserted"><a class="self-link" href="#script-processing-parser-inserted"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-11">the script’s
     type</a> is "<code>classic</code>", and the element has a <code id="script-processing-model:attr-script-src-11"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute, and the element has been flagged as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-10">"parser-inserted"</a>, and the element does not have an <code id="script-processing-model:attr-script-async-6"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute
      <dd>
       <p>The element is the <a href="https://html.spec.whatwg.org/#pending-parsing-blocking-script" id="script-processing-model:pending-parsing-blocking-script">pending parsing-blocking script</a> of the <code id="script-processing-model:document-4"><a href="https://html.spec.whatwg.org/#document">Document</a></code> of the parser that created the element. (There can only be one such
      script per <code id="script-processing-model:document-5"><a href="https://html.spec.whatwg.org/#document">Document</a></code> at a time.)</p>
       <p>When <a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-6">the script is ready</a>, set the element’s <a href="https://html.spec.whatwg.org/#ready-to-be-parser-executed" id="script-processing-model:ready-to-be-parser-executed-2">"ready to be
      parser-executed"</a> flag. The parser will handle executing the script.</p>
      <dt id="script-processing-src-sync"><a class="self-link" href="#script-processing-src-sync"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-12">the script’s
     type</a> is "<code>classic</code>", and the element has a <code id="script-processing-model:attr-script-src-12"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute, and the element does not have an <code id="script-processing-model:attr-script-async-7"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute, and the element does not have the <a href="https://html.spec.whatwg.org/#non-blocking" id="script-processing-model:non-blocking-5">"non-blocking"</a> flag set
      <dt id="script-processing-module-noasync"><a class="self-link" href="#script-processing-module-noasync"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-13">the script’s
     type</a> is "<code>module</code>", and the element does not have an <code id="script-processing-model:attr-script-async-8"><a href="https://html.spec.whatwg.org/#attr-script-async">async</a></code> attribute, and the element does not have the <a href="https://html.spec.whatwg.org/#non-blocking" id="script-processing-model:non-blocking-6">"non-blocking"</a> flag set
      <dd>
       <p>Add the element to the end of the <dfn data-dfn-type="dfn" data-lt="list of scripts that will execute in order as soon as possible" data-noexport id="list-of-scripts-that-will-execute-in-order-as-soon-as-possible">list of scripts that will execute in order as soon
      as possible<a class="self-link" href="#list-of-scripts-that-will-execute-in-order-as-soon-as-possible"></a></dfn> associated with the <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-7">node document</a> of the <code id="script-processing-model:the-script-element-39"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element at the time the <a href="https://html.spec.whatwg.org/#prepare-a-script" id="script-processing-model:prepare-a-script-5">prepare a script</a> algorithm started.</p>
       <p>When <a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-7">the script is ready</a>, run the following steps:</p>
       <ol>
        <li>
         <p>If the element is not now the first element in the <a href="https://html.spec.whatwg.org/#list-of-scripts-that-will-execute-in-order-as-soon-as-possible" id="script-processing-model:list-of-scripts-that-will-execute-in-order-as-soon-as-possible">list of scripts that will
       execute in order as soon as possible</a> to which it was added above, then mark the
       element as ready but return without executing the script yet.</p>
        <li>
         <p><i>Execution</i>: <a href="https://html.spec.whatwg.org/#execute-the-script-block" id="script-processing-model:execute-the-script-block">Execute the script block</a> corresponding to the first
       script element in this <a href="https://html.spec.whatwg.org/#list-of-scripts-that-will-execute-in-order-as-soon-as-possible" id="script-processing-model:list-of-scripts-that-will-execute-in-order-as-soon-as-possible-2">list of scripts that will execute in order as soon as
       possible</a>.</p>
        <li>
         <p>Remove the first element from this <a href="https://html.spec.whatwg.org/#list-of-scripts-that-will-execute-in-order-as-soon-as-possible" id="script-processing-model:list-of-scripts-that-will-execute-in-order-as-soon-as-possible-3">list of scripts that will execute in order as
       soon as possible</a>.</p>
        <li>
         <p>If this <a href="https://html.spec.whatwg.org/#list-of-scripts-that-will-execute-in-order-as-soon-as-possible" id="script-processing-model:list-of-scripts-that-will-execute-in-order-as-soon-as-possible-4">list of scripts that will execute in order as soon as possible</a> is
       still not empty and the first entry has already been marked as ready, then jump back to the
       step labeled <i>execution</i>.</p>
       </ol>
      <dt id="script-processing-src"><a class="self-link" href="#script-processing-src"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-14">the script’s type</a> is "<code>classic</code>", and the element has a <code id="script-processing-model:attr-script-src-13"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute
      <dt id="script-processing-module-async"><a class="self-link" href="#script-processing-module-async"></a>If <a href="https://html.spec.whatwg.org/#concept-script-type" id="script-processing-model:concept-script-type-15">the script’s
     type</a> is "<code>module</code>"
      <dd>
       <p>The element must be added to the <dfn data-dfn-type="dfn" data-lt="set of scripts that will execute as soon as possible" data-noexport id="set-of-scripts-that-will-execute-as-soon-as-possible">set of scripts that will execute as soon as
      possible<a class="self-link" href="#set-of-scripts-that-will-execute-as-soon-as-possible"></a></dfn> of the <a data-x-internal="node-document" href="https://dom.spec.whatwg.org/#concept-node-document" id="script-processing-model:node-document-8">node document</a> of the <code id="script-processing-model:the-script-element-40"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element at the
      time the <a href="https://html.spec.whatwg.org/#prepare-a-script" id="script-processing-model:prepare-a-script-6">prepare a script</a> algorithm started.</p>
       <p>When <a href="https://html.spec.whatwg.org/#the-script-is-ready" id="script-processing-model:the-script-is-ready-8">the script is ready</a>, <a href="https://html.spec.whatwg.org/#execute-the-script-block" id="script-processing-model:execute-the-script-block-2">execute the script block</a> and then
      remove the element from the <a href="https://html.spec.whatwg.org/#set-of-scripts-that-will-execute-as-soon-as-possible" id="script-processing-model:set-of-scripts-that-will-execute-as-soon-as-possible">set of scripts that will execute as soon as
      possible</a>.</p>
      <dt id="script-processing-style-delayed"><a class="self-link" href="#script-processing-style-delayed"></a>If the element does not have a <code id="script-processing-model:attr-script-src-14"><a href="https://html.spec.whatwg.org/#attr-script-src">src</a></code> attribute, and the element has been flagged as <a href="https://html.spec.whatwg.org/#parser-inserted" id="script-processing-model:parser-inserted-11">"parser-inserted"</a>, and either the parser that created the <code id="script-processing-model:the-script-element-41"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> is
     an <a href="https://html.spec.whatwg.org/#xml-parser" id="script-processing-model:xml-parser-3">XML parser</a> or it’s an <a href="https://html.spec.whatwg.org/#html-parser" id="script-processing-model:html-parser-3">HTML parser</a> whose <a href="https://html.spec.whatwg.org/#script-nesting-level" id="script-processing-model:script-nesting-level">script nesting
     level</a> is not greater than one, and the <code id="script-processing-model:document-6"><a href="https://html.spec.whatwg.org/#document">Document</a></code> of the <a href="https://html.spec.whatwg.org/#html-parser" id="script-processing-model:html-parser-4">HTML
     parser</a> or <a href="https://html.spec.whatwg.org/#xml-parser" id="script-processing-model:xml-parser-4">XML parser</a> that created the <code id="script-processing-model:the-script-element-42"><a href="https://html.spec.whatwg.org/#the-script-element">script</a></code> element <a href="https://html.spec.whatwg.org/#has-a-style-sheet-that-is-blocking-scripts" id="script-processing-model:has-a-style-sheet-that-is-blocking-scripts">has
     a style sheet that is blocking scripts</a>
      <dd>
       <p>The element is the <a href="https://html.spec.whatwg.org/#pending-parsing-blocking-script" id="script-processing-model:pending-parsing-blocking-script-2">pending parsing-blocking script</a> of the <code id="script-processing-model:document-7"><a href="https://html.spec.whatwg.org/#document">Document</a></code> of the parser that created the element. (There can only be one such
      script per <code id="script-processing-model:document-8"><a href="https://html.spec.whatwg.org/#document">Document</a></code> at a time.)</p>
       <p>Set the element’s <a href="https://html.spec.whatwg.org/#ready-to-be-parser-executed" id="script-processing-model:ready-to-be-parser-executed-3">"ready to be parser-executed"</a> flag. The parser will handle
      executing the script.</p>
      <dt id="script-processing-inline"><a class="self-link" href="#script-processing-inline"></a>Otherwise
      <dd><a href="https://html.spec.whatwg.org/#immediately" id="script-processing-model:immediately-2">Immediately</a> <a href="https://html.spec.whatwg.org/#execute-the-script-block" id="script-processing-model:execute-the-script-block-3">execute the script block</a>, even if other scripts are
     already executing.
     </dl>
   </ol>
   <h4 class="heading settled" data-level="4.1.4" id="enforcement-in-sinks"><span class="secno">4.1.4. </span><span class="content">Enforcement in element attributes</span><a class="self-link" href="#enforcement-in-sinks"></a></h4>
   <p>This document modifies following IDL attributes of various DOM elements:</p>
<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement"><c- g>HTMLIFrameElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement①"><c- n>HTMLElement</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑥"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑥"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①②"><c- n>TrustedHTML</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring②"><c- n>HTMLString</c-></a> <dfn class="idl-code" data-dfn-for="HTMLIFrameElement" data-dfn-type="attribute" data-export data-type="HTMLString" id="dom-htmliframeelement-srcdoc"><code><c- g>srcdoc</c-></code><a class="self-link" href="#dom-htmliframeelement-srcdoc"></a></dfn>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlembedelement" id="ref-for-htmlembedelement"><c- g>HTMLEmbedElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement②"><c- n>HTMLElement</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑦"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑦"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑧"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring①"><c- n>ScriptURLString</c-></a> <dfn class="idl-code" data-dfn-for="HTMLEmbedElement" data-dfn-type="attribute" data-export data-type="ScriptURLString" id="dom-htmlembedelement-src"><code><c- g>src</c-></code><a class="self-link" href="#dom-htmlembedelement-src"></a></dfn>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlobjectelement" id="ref-for-htmlobjectelement"><c- g>HTMLObjectElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement③"><c- n>HTMLElement</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑧"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑧"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑨"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring②"><c- n>ScriptURLString</c-></a> <dfn class="idl-code" data-dfn-for="HTMLObjectElement" data-dfn-type="attribute" data-export data-type="ScriptURLString" id="dom-htmlobjectelement-data"><code><c- g>data</c-></code><a class="self-link" href="#dom-htmlobjectelement-data"></a></dfn>;
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑨"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑨"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl①⓪"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②③"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="HTMLObjectElement" data-dfn-type="attribute" data-export data-type="DOMString" id="dom-htmlobjectelement-codebase"><code><c- g>codeBase</c-></code><a class="self-link" href="#dom-htmlobjectelement-codebase"></a></dfn>; // obsolete
};
</pre>
   <p class="issue" id="issue-13577559"><a class="self-link" href="#issue-13577559"></a> Add base.href enforcement.</p>
   <h4 class="heading settled" data-level="4.1.5" id="enforcement-in-timer-functions"><span class="secno">4.1.5. </span><span class="content">Enforcement in timer functions</span><a class="self-link" href="#enforcement-in-timer-functions"></a></h4>
   <p>This document modifies the <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope" id="ref-for-windoworworkerglobalscope">WindowOrWorkerGlobalScope</a></code> interface mixin:</p>
<pre class="idl highlight def"><c- b>typedef</c-> (<a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring③"><c- n>ScriptString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="https://heycam.github.io/webidl/#Function" id="ref-for-Function"><c- n>Function</c-></a>) <dfn class="dfn-paneled idl-code" data-dfn-type="typedef" data-export id="typedefdef-trustedtimerhandler"><code><c- g>TrustedTimerHandler</c-></code></dfn>;

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope" id="ref-for-windoworworkerglobalscope①"><c- g>WindowOrWorkerGlobalScope</c-></a> {
  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long"><c- b>long</c-></a> <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope" data-dfn-type="method" data-export data-lt="setTimeout(handler, timeout, ...arguments)|setTimeout(handler, timeout)|setTimeout(handler)" id="dom-windoworworkerglobalscope-settimeout"><code><c- g>setTimeout</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-settimeout"></a></dfn>(<a class="n" data-link-type="idl-name" href="#typedefdef-trustedtimerhandler" id="ref-for-typedefdef-trustedtimerhandler"><c- n>TrustedTimerHandler</c-></a> <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope/setTimeout(handler, timeout, ...arguments), WindowOrWorkerGlobalScope/setTimeout(handler, timeout), WindowOrWorkerGlobalScope/setTimeout(handler)" data-dfn-type="argument" data-export id="dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-handler"><code><c- g>handler</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-handler"></a></dfn>, <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long①"><c- b>long</c-></a> <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope/setTimeout(handler, timeout, ...arguments), WindowOrWorkerGlobalScope/setTimeout(handler, timeout), WindowOrWorkerGlobalScope/setTimeout(handler)" data-dfn-type="argument" data-export id="dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-timeout"><code><c- g>timeout</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-timeout"></a></dfn> = 0, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope/setTimeout(handler, timeout, ...arguments), WindowOrWorkerGlobalScope/setTimeout(handler, timeout), WindowOrWorkerGlobalScope/setTimeout(handler)" data-dfn-type="argument" data-export id="dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-arguments"></a></dfn>);
  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long②"><c- b>long</c-></a> <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope" data-dfn-type="method" data-export data-lt="setInterval(handler, timeout, ...arguments)|setInterval(handler, timeout)|setInterval(handler)" id="dom-windoworworkerglobalscope-setinterval"><code><c- g>setInterval</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-setinterval"></a></dfn>(<a class="n" data-link-type="idl-name" href="#typedefdef-trustedtimerhandler" id="ref-for-typedefdef-trustedtimerhandler①"><c- n>TrustedTimerHandler</c-></a> <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope/setInterval(handler, timeout, ...arguments), WindowOrWorkerGlobalScope/setInterval(handler, timeout), WindowOrWorkerGlobalScope/setInterval(handler)" data-dfn-type="argument" data-export id="dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-handler"><code><c- g>handler</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-handler"></a></dfn>, <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long③"><c- b>long</c-></a> <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope/setInterval(handler, timeout, ...arguments), WindowOrWorkerGlobalScope/setInterval(handler, timeout), WindowOrWorkerGlobalScope/setInterval(handler)" data-dfn-type="argument" data-export id="dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-timeout"><code><c- g>timeout</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-timeout"></a></dfn> = 0, <c- b>any</c->... <dfn class="idl-code" data-dfn-for="WindowOrWorkerGlobalScope/setInterval(handler, timeout, ...arguments), WindowOrWorkerGlobalScope/setInterval(handler, timeout), WindowOrWorkerGlobalScope/setInterval(handler)" data-dfn-type="argument" data-export id="dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-arguments"><code><c- g>arguments</c-></code><a class="self-link" href="#dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-arguments"></a></dfn>);
};
</pre>
   <p>To the <a href="https://www.w3.org/TR/html5/#timer-initialisation-steps">timer initialization steps algorithm</a>,
add this step between 7.1 and 7.2:</p>
   <ol>
    <li data-md>
     <p>If the first operation argument is not a <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#Function" id="ref-for-Function①">Function</a></code>, or if the first operation argument is a <code class="idl"><a data-link-type="idl" href="#typedefdef-trustedtype" id="ref-for-typedefdef-trustedtype④">TrustedType</a></code>, set the first operation argument to the result of executing
the <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string⑤">Get Trusted Type compliant string</a> algorithm, with</p>
     <ul>
      <li data-md>
       <p><var>global</var> set to the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#context-object" id="ref-for-context-object①②">context object</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global⑦">relevant global object</a>.</p>
      <li data-md>
       <p><var>input</var> set to the first method argument, and</p>
      <li data-md>
       <p><var>expectedType</var> set to <code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①①">TrustedScript</a></code>.</p>
      <li data-md>
       <p><var>sink</var> set to <code>Window.setInterval</code> if <var>repeat</var> is true, <code>Window.setTimeout</code> otherwise.</p>
      <li data-md>
       <p><var>sinkGroup</var> set to <code>'script'</code>.</p>
       <p class="note" role="note"><span>Note:</span> This matches the logic that the extended attribute would apply.</p>
     </ul>
   </ol>
   <p class="note" role="note"><span>Note:</span> This makes sure that a <code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①②">TrustedScript</a></code> is passed to timer
functions in place of a string when Trusted Types are enforced, but
also unconditionally accepts any <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#Function" id="ref-for-Function②">Function</a></code> object.</p>
   <h4 class="heading settled" data-level="4.1.6" id="enforcement-in-event-handler-content-attributes"><span class="secno">4.1.6. </span><span class="content">Enforcement in event handler content attributes</span><a class="self-link" href="#enforcement-in-event-handler-content-attributes"></a></h4>
   <p>This document modifies the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-attributes-change-ext" id="ref-for-concept-element-attributes-change-ext">attribute change steps</a> for an <a href="https://www.w3.org/TR/html5/#event-handler-content-attributes">event handler content attribute</a>.</p>
   <p>At the beginning of step 5, insert the following steps:</p>
   <ol>
    <li data-md>
     <p>Let <var>value</var> be the result of executing the <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string⑥">Get Trusted Type compliant string</a> algorithm, with the following arguments:</p>
     <ul>
      <li data-md>
       <p><var>value</var> as <var>input</var>,</p>
      <li data-md>
       <p><code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①③">TrustedScript</a></code> as <var>expectedType</var>,</p>
      <li data-md>
       <p><code>'script'</code> as <var>sinkGroup</var></p>
      <li data-md>
       <p><var>sink</var> being the result of <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#string-concatenate" id="ref-for-string-concatenate②">concatenating</a> the list « <var>element</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-local-name" id="ref-for-concept-element-local-name②">local name</a>, <var>localName</var> » with <code>"."</code> as a <var>separator</var>.</p>
       <p class="note" role="note"><span>Note:</span> For example, <code>document.createElement('div').onclick = value</code> will result in <var>sink</var> being <code>'div.onclick'</code>.</p>
      <li data-md>
       <p><var>eventTarget</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global" id="ref-for-concept-relevant-global⑧">relevant global object</a> as <var>global</var>,</p>
     </ul>
    <li data-md>
     <p>If the algorithm throws an error, abort these steps.</p>
   </ol>
   <p class="note" role="note"><span>Note:</span> This also applies to events in <a href="https://www.w3.org/TR/svg2/interact.html#EventAttributes">SVG 2 §15.9 Event attributes</a>.</p>
   <div class="example" id="event-handlers-example">
    <a class="self-link" href="#event-handlers-example"></a> 
<pre class="highlight"><c- c1>// Content-Security-Policy: require-trusted-types-for 'script'</c->

<c- kr>const</c-> img <c- o>=</c-> document<c- p>.</c->createElement<c- p>(</c-><c- t>'img'</c-><c- p>);</c->
img<c- p>.</c->setAttribute<c- p>(</c-><c- t>'onerror'</c-><c- p>,</c-> <c- t>'alert(1)'</c-><c- p>);</c-> <c- c1>// TypeError</c->
</pre>
   </div>
   <h3 class="heading settled" data-level="4.2" id="integration-with-svg"><span class="secno">4.2. </span><span class="content">Integration with SVG</span><a class="self-link" href="#integration-with-svg"></a></h3>
   <p>This document modifies the <code class="idl"><a data-link-type="idl" href="https://svgwg.org/svg2-draft/interact.html#InterfaceSVGScriptElement" id="ref-for-InterfaceSVGScriptElement">SVGScriptElement</a></code> interface to enforce Trusted Types:</p>
<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://svgwg.org/svg2-draft/interact.html#InterfaceSVGScriptElement" id="ref-for-InterfaceSVGScriptElement①"><c- g>SVGScriptElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://svgwg.org/svg2-draft/types.html#InterfaceSVGElement" id="ref-for-InterfaceSVGElement"><c- n>SVGElement</c-></a> {
 // overwrites the definition in SVGURIReference.
 [<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②⓪"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl①①"><c- n>TrustedScriptURL</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring③"><c- n>ScriptURLString</c-></a> <dfn class="idl-code" data-dfn-for="SVGScriptElement" data-dfn-type="attribute" data-export data-readonly data-type="ScriptURLString" id="dom-svgscriptelement-href"><code><c- g>href</c-></code><a class="self-link" href="#dom-svgscriptelement-href"></a></dfn>;
};
</pre>
   <h3 class="heading settled" data-level="4.3" id="integration-with-dom"><span class="secno">4.3. </span><span class="content">Integration with DOM</span><a class="self-link" href="#integration-with-dom"></a></h3>
   <p>This document modifies the <code class="idl"><a data-link-type="idl" href="https://dom.spec.whatwg.org/#element" id="ref-for-element⑥">Element</a></code> interface, adding <a data-link-type="dfn" href="#concept-element-attributes-validation-ext" id="ref-for-concept-element-attributes-validation-ext">attribute validation steps</a>:</p>
   <p>
    <ins>This and <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#other-applicable-specifications" id="ref-for-other-applicable-specifications">other specifications</a> may define <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="concept-element-attributes-validation-ext">attribute validation steps</dfn> for <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element" id="ref-for-concept-element">elements</a>. The algorithm is passed <var>element</var>, <var>localName</var>, <var>value</var>, and <var>namespace</var>.</ins>
   </p>
   <p>This document changes the <a data-link-type="dfn">handle attribute changes</a> algorithm, adding the following step at the beginning:</p>
   <ol>
    <li>
     <ins>
      <p>Run the <a data-link-type="dfn" href="#concept-element-attributes-validation-ext" id="ref-for-concept-element-attributes-validation-ext①">attribute validation steps</a> with <var>element</var>, <var>attribute</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-attribute-local-name" id="ref-for-concept-attribute-local-name">local name</a>, <var>newValue</var> and <var>attribute</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-attribute-namespace" id="ref-for-concept-attribute-namespace">namespace</a>. If this throws an exception, then
 rethrow the exception and abort further steps. </p>
     </ins>
   </ol>
   <p>Additionally, this document changes the <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-node-append" id="ref-for-concept-node-append">append</a> an attribute algorithm:</p>
   <p>
    To <dfn data-dfn-type="dfn" data-export data-lt="append an attribute" id="concept-element-attributes-append">append<a class="self-link" href="#concept-element-attributes-append"></a></dfn> an <a data-link-type="dfn" href="https://heycam.github.io/webidl/#dfn-attribute" id="ref-for-dfn-attribute⑤">attribute</a> <var>attribute</var> to an <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element" id="ref-for-concept-element①">element</a> <var>element</var> 
    <ins>with a <var>value</var></ins>
    , run these steps: 
   </p>
   <ol>
    <li>
     <p>
      <a data-link-type="dfn">Handle attribute changes</a> for <var>attribute</var> with <var>element</var>, null, and 
      <del><var>attribute</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-attribute-value" id="ref-for-concept-attribute-value">value</a></del>
      <ins><var>value</var></ins>
      . 
     </p>
    <li>
     <ins>
      <p>Set <var>attribute</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-attribute-value" id="ref-for-concept-attribute-value①">value</a> to <var>value</var>. </p>
     </ins>
    <li>
     <p><a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-append" id="ref-for-list-append">Append</a> <var>attribute</var> to <var>element</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-element-attribute" id="ref-for-concept-element-attribute">attribute list</a>. </p>
    <li>
     <p>Set <var>attribute</var>’s <a data-link-type="dfn" href="https://dom.spec.whatwg.org/#concept-attribute-element" id="ref-for-concept-attribute-element">element</a> to <var>element</var>. </p>
   </ol>
   <p>Callers of this algorithm are changed accordingly.</p>
   <p class="issue" id="issue-52c8f9b0"><a class="self-link" href="#issue-52c8f9b0"></a> Remove when <a href="https://github.com/whatwg/dom/pull/809">DOM #809</a> is merged.</p>
   <h3 class="heading settled" data-level="4.4" id="integration-with-dom-parsing"><span class="secno">4.4. </span><span class="content">Integration with DOM Parsing</span><a class="self-link" href="#integration-with-dom-parsing"></a></h3>
   <p>This document modifies the following interfaces defined by <a data-link-type="biblio" href="#biblio-dom-parsing">[DOM-Parsing]</a>:</p>
<pre class="idl highlight def"><c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#element" id="ref-for-element⑦"><c- g>Element</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①⓪"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①③"><c- n>TrustedHTML</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstringdefaultsempty" id="ref-for-typedefdef-htmlstringdefaultsempty①"><c- n>HTMLStringDefaultsEmpty</c-></a> <dfn class="idl-code" data-dfn-for="Element" data-dfn-type="attribute" data-export data-type="HTMLStringDefaultsEmpty" id="dom-element-outerhtml"><code><c- g>outerHTML</c-></code><a class="self-link" href="#dom-element-outerhtml"></a></dfn>;
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①①"><c- g>CEReactions</c-></a>] <c- b>void</c-> <dfn class="idl-code" data-dfn-for="Element" data-dfn-type="method" data-export data-lt="insertAdjacentHTML(position, text)" id="dom-element-insertadjacenthtml"><code><c- g>insertAdjacentHTML</c-></code><a class="self-link" href="#dom-element-insertadjacenthtml"></a></dfn>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②④"><c- b>DOMString</c-></a> <dfn class="idl-code" data-dfn-for="Element/insertAdjacentHTML(position, text)" data-dfn-type="argument" data-export id="dom-element-insertadjacenthtml-position-text-position"><code><c- g>position</c-></code><a class="self-link" href="#dom-element-insertadjacenthtml-position-text-position"></a></dfn>, [<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②②"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①④"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring③"><c- n>HTMLString</c-></a> <dfn class="idl-code" data-dfn-for="Element/insertAdjacentHTML(position, text)" data-dfn-type="argument" data-export id="dom-element-insertadjacenthtml-position-text-text"><code><c- g>text</c-></code><a class="self-link" href="#dom-element-insertadjacenthtml-position-text-text"></a></dfn>);
};

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface"><c- g>InnerHTML</c-></a> { // specified in a draft version at https://w3c.github.io/DOM-Parsing/#the-innerhtml-mixin
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①②"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②③"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑤"><c- n>TrustedHTML</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstringdefaultsempty" id="ref-for-typedefdef-htmlstringdefaultsempty②"><c- n>HTMLStringDefaultsEmpty</c-></a> <dfn class="idl-code" data-dfn-for="InnerHTML" data-dfn-type="attribute" data-export data-type="HTMLStringDefaultsEmpty" id="dom-innerhtml-innerhtml"><code><c- g>innerHTML</c-></code><a class="self-link" href="#dom-innerhtml-innerhtml"></a></dfn>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#range" id="ref-for-range"><c- g>Range</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①③"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#NewObject" id="ref-for-NewObject"><c- g>NewObject</c-></a>] <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#documentfragment" id="ref-for-documentfragment"><c- n>DocumentFragment</c-></a> <dfn class="idl-code" data-dfn-for="Range" data-dfn-type="method" data-export data-lt="createContextualFragment(fragment)" id="dom-range-createcontextualfragment"><code><c- g>createContextualFragment</c-></code><a class="self-link" href="#dom-range-createcontextualfragment"></a></dfn>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②④"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑥"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring④"><c- n>HTMLString</c-></a> <dfn class="idl-code" data-dfn-for="Range/createContextualFragment(fragment)" data-dfn-type="argument" data-export id="dom-range-createcontextualfragment-fragment-fragment"><code><c- g>fragment</c-></code><a class="self-link" href="#dom-range-createcontextualfragment-fragment-fragment"></a></dfn>);
};

[<dfn class="idl-code" data-dfn-for="DOMParser" data-dfn-type="constructor" data-export data-lt="DOMParser()" id="dom-domparser-domparser"><code><c- g>Constructor</c-></code><a class="self-link" href="#dom-domparser-domparser"></a></dfn>, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed⑤"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <dfn class="idl-code" data-dfn-type="interface" data-export id="domparser"><code><c- g>DOMParser</c-></code><a class="self-link" href="#domparser"></a></dfn> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#NewObject" id="ref-for-NewObject①"><c- g>NewObject</c-></a>] <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑤"><c- n>Document</c-></a> <dfn class="dfn-paneled idl-code" data-dfn-for="DOMParser" data-dfn-type="method" data-export data-lt="parseFromString(str, type)" id="dom-domparser-parsefromstring"><code><c- g>parseFromString</c-></code></dfn>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②⑤"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑦"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring⑤"><c- n>HTMLString</c-></a> <dfn class="idl-code" data-dfn-for="DOMParser/parseFromString(str, type)" data-dfn-type="argument" data-export id="dom-domparser-parsefromstring-str-type-str"><code><c- g>str</c-></code><a class="self-link" href="#dom-domparser-parsefromstring-str-type-str"></a></dfn>, <a class="n" data-link-type="idl-name" href="https://www.w3.org/TR/DOM-Parsing/#h-the-domparser-interface" id="ref-for-h-the-domparser-interface"><c- n>SupportedType</c-></a> <dfn class="idl-code" data-dfn-for="DOMParser/parseFromString(str, type)" data-dfn-type="argument" data-export id="dom-domparser-parsefromstring-str-type-type"><code><c- g>type</c-></code><a class="self-link" href="#dom-domparser-parsefromstring-str-type-type"></a></dfn>);
};
</pre>
   <h3 class="heading settled" data-level="4.5" id="integration-with-content-security-policy"><span class="secno">4.5. </span><span class="content">Integration with Content Security Policy</span><a class="self-link" href="#integration-with-content-security-policy"></a></h3>
   <h4 class="heading settled" data-level="4.5.1" id="require-trusted-types-for-csp-directive"><span class="secno">4.5.1. </span><span class="content"><dfn data-dfn-type="dfn" data-lt="require-trusted-types-for-directive" data-noexport id="require-trusted-types-for-directive">require-trusted-types-for<a class="self-link" href="#require-trusted-types-for-directive"></a></dfn> directive</span><a class="self-link" href="#require-trusted-types-for-csp-directive"></a></h4>
   <p>This document defines <em>require-trusted-types-for</em> - a new <a href="https://www.w3.org/TR/CSP3/#directives">Content Security Policy directive</a>.</p>
   <p><code class="idl"><a data-link-type="idl">require-trusted-types-for</a></code> directive configures the Trusted
Types framework for all the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②①">injection sinks</a> of certain groups in a current <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-global-object-realm" id="ref-for-concept-global-object-realm①">realm</a>.
Specifically, it defines what should be the behavior when a string value is passed to an <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②②">injection sink</a> of a given group (i.e. should the type-based enforcement be enabled for such sinks).</p>
   <p class="note" role="note"><span>Note:</span> Currently, only the enforcement for <a href="#dom-xss-injection-sinks">§ 2.1.2 DOM XSS injection sinks</a> is specified.</p>
   <p>The syntax for the directive’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-name" id="ref-for-directive-name">name</a> and <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value">value</a> is described by the following
ABNF:</p>
<pre>directive-name = "require-trusted-types-for"
directive-value = <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group④">trusted-types-sink-group</a> *( <a href="https://w3c.github.io/webappsec-csp/#grammardef-required-ascii-whitespace">required-ascii-whitespace</a> <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group⑤">trusted-types-sink-group</a>)
<dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="trusted-types-sink-group">trusted-types-sink-group</dfn> = "'script'"
</pre>
   <div class="example" id="require-tt-for-script-header">
    <a class="self-link" href="#require-tt-for-script-header"></a> Enforce Trusted Types at the DOM XSS injection sinks. 
<pre class="http">Content-Security-Policy: require-trusted-types-for 'script'
</pre>
   </div>
   <h5 class="heading settled" data-level="4.5.1.1" id="require-trusted-types-for-pre-navigation-check"><span class="secno">4.5.1.1. </span><span class="content"><code>require-trusted-types-for</code> Pre-Navigation check</span><a class="self-link" href="#require-trusted-types-for-pre-navigation-check"></a></h5>
   <p>Given a <span spec-section="#concept-request">request</span> (<var>request</var>), a string <var>navigation type</var> and a <a href="https://www.w3.org/TR/CSP3/#content-security-policy-object">policy</a> (<var>policy</var>), this algorithm returns <code>"Blocked"</code> if a navigation violates the <code class="idl"><a data-link-type="idl">require-trusted-types-for</a></code> directive’s constraints and <code>"Allowed"</code> otherwise. This constitutes the <code class="idl"><a data-link-type="idl">require-trusted-types-for</a></code> directive’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-pre-navigation-check" id="ref-for-directive-pre-navigation-check">pre-navigation check</a>:</p>
   <p class="note" role="note"><span>Note:</span> This algorithm assures that the code to be executed by a navigation to a <code>javascript:</code> URL will have to pass through a <a data-link-type="dfn" href="#default-policy" id="ref-for-default-policy">default policy</a>’s <code>createScript</code> function, in addition to all other restrictions imposed by other CSP directives.</p>
   <ol>
    <li data-md>
     <p>If <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url">url</a>'s <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-scheme" id="ref-for-concept-url-scheme">scheme</a> is not <code>"javascript"</code>, return <code>"Allowed"</code> and abort further steps.</p>
    <li data-md>
     <p>Let <var>urlString</var> be the result of running the <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-serializer" id="ref-for-concept-url-serializer">URL serializer</a> on <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url①">url</a>.</p>
    <li data-md>
     <p>Let <var>encodedScriptSource</var> be the result of removing the leading <code>"javascript:"</code> from <var>urlString</var>.</p>
    <li data-md>
     <p>Let <var>convertedScriptSource</var> be the result of executing <a data-link-type="abstract-op" href="#abstract-opdef-process-value-with-a-default-policy" id="ref-for-abstract-opdef-process-value-with-a-default-policy①">Process value with a default policy</a> algorithm, with the following arguments:</p>
     <ul>
      <li data-md>
       <p><code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①④">TrustedScript</a></code> as <var>expectedType</var></p>
      <li data-md>
       <p><var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-client" id="ref-for-concept-request-client">clients</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global">global object</a> as <var>global</var></p>
      <li data-md>
       <p><var>encodedScriptSource</var> as <var>input</var></p>
      <li data-md>
       <p><code>"Location.href"</code> as <var>sink</var></p>
     </ul>
     <p>If that algorithm threw an error or <var>convertedScriptSource</var> is not a <code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①⑤">TrustedScript</a></code> object, return "Blocked" and abort further steps.</p>
    <li data-md>
     <p>Set <var>urlString</var> to be the result of prepending <code>"javascript:"</code> to stringified <var>convertedScriptSource</var>.</p>
    <li data-md>
     <p>Let <var>newURL</var> be the result of running the <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-parser" id="ref-for-concept-url-parser">URL parser</a> on <var>urlString</var>. If the parser returns a failure, return <code>"Blocked"</code> and abort further steps.</p>
    <li data-md>
     <p>Set <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url②">url</a> to <var>newURL</var>.</p>
     <p class="note" role="note"><span>Note:</span> No other CSP directives operate on <code>javascript:</code> URLs in a pre-navigation check. Other directives that check javascript: URLs
       will operate on the modified URL later, in the <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-inline-check" id="ref-for-directive-inline-check">inline check</a>.</p>
    <li data-md>
     <p>Return <code>"Allowed"</code>.</p>
   </ol>
   <h4 class="heading settled" data-level="4.5.2" id="trusted-types-csp-directive"><span class="secno">4.5.2. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="dfn" data-lt="trusted-types-directive" data-noexport id="trusted-types-directive">trusted-types</dfn> directive</span><a class="self-link" href="#trusted-types-csp-directive"></a></h4>
   <p>This document defines <em>trusted-types</em> - a new <a href="https://www.w3.org/TR/CSP3/#directives">Content Security Policy directive</a>. The <code class="idl"><a data-link-type="idl">trusted-types</a></code> directive controls the creation of Trusted Type <a data-link-type="dfn" href="#policies" id="ref-for-policies⑤">policies</a>.</p>
   <p>The syntax for the directive’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-name" id="ref-for-directive-name①">name</a> and <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value①">value</a> is described by the following
ABNF:</p>
<pre>directive-name = "trusted-types"
directive-value = <a data-link-type="dfn" href="#serialized-tt-configuration" id="ref-for-serialized-tt-configuration">serialized-tt-configuration</a>
<dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="serialized-tt-configuration">serialized-tt-configuration</dfn> = ( <a data-link-type="dfn" href="#tt-expression" id="ref-for-tt-expression">tt-expression</a> *( <a href="https://w3c.github.io/webappsec-csp/#grammardef-required-ascii-whitespace">required-ascii-whitespace</a> <a data-link-type="dfn" href="#tt-expression" id="ref-for-tt-expression①">tt-expression</a> ) )
<dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="tt-expression">tt-expression</dfn> = <a data-link-type="dfn" href="#tt-policy-name" id="ref-for-tt-policy-name">tt-policy-name</a>  / <a data-link-type="dfn" href="#tt-keyword" id="ref-for-tt-keyword">tt-keyword</a>
<dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="tt-policy-name">tt-policy-name</dfn> = 1*( <a href="https://tools.ietf.org/html/rfc5234#appendix-B.1">ALPHA</a> / <a href="https://tools.ietf.org/html/rfc5234#appendix-B.1">DIGIT</a> / "-" / "#" / "=" / "_" / "/" / "@" / "." / "%")
<dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="tt-keyword">tt-keyword</dfn> = "'allow-duplicates'"
</pre>
   <div class="example" id="whitelist-of-policy-names-in-header">
    <a class="self-link" href="#whitelist-of-policy-names-in-header"></a> Types are enforced at sinks, and only two policies may be created: “one” and “two”. 
<pre class="http">Content-Security-Policy: require-trusted-types-for 'script'; trusted-types one two
</pre>
   </div>
   <div class="example" id="header-that-allows-no-policy-names">
    <a class="self-link" href="#header-that-allows-no-policy-names"></a> An empty <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives">directive</a> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value②">value</a> indicates policies may not be created,
and sinks expect Trusted Type values, i.e. no DOM XSS <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②③">injection sinks</a> can be used
at all. 
<pre class="http">Content-Security-Policy: trusted-types; require-trusted-types-for 'script'
</pre>
   </div>
   <p>Keyword <code>'allow-duplicates'</code> allows for creating policies with a name that was already used.</p>
   <div class="example" id="allow-duplicates-in-header">
    <a class="self-link" href="#allow-duplicates-in-header"></a> 
<pre class="http">Content-Security-Policy: trusted-types foo bar 'allow-duplicates'
</pre>
   </div>
   <p>If the policy named <code>default</code> is present in the list, it refers to the <a data-link-type="dfn" href="#default-policy" id="ref-for-default-policy①">default policy</a>. All strings passed to <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②④">injection sinks</a> will be passed through it instead
of being rejected outright.</p>
   <div class="example" id="default-in-header">
    <a class="self-link" href="#default-in-header"></a> 
<pre class="http">Content-Security-Policy: trusted-types one two default
</pre>
   </div>
   <h4 class="heading settled" data-level="4.5.3" id="should-block-sink-type-mismatch"><span class="secno">4.5.3. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy">Should sink type mismatch violation be blocked by Content Security Policy?</dfn></span><a class="self-link" href="#should-block-sink-type-mismatch"></a></h4>
   <p>Given a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global③">global object</a> (<var>global</var>), a string (<var>sink</var>), a string (<var>sinkGroup</var>) and a string (<var>source</var>) this algorithm
returns <code>"Blocked"</code> if the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②⑤">injection sink</a> requires a <a data-link-type="dfn" href="#trusted-type" id="ref-for-trusted-type⑤">Trusted Type</a>, and <code>"Allowed"</code> otherwise.</p>
   <ol>
    <li data-md>
     <p>Let <var>result</var> be <code>"Allowed"</code>.</p>
    <li data-md>
     <p>For each <var>policy</var> in <var>global</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/dom.html#concept-document-csp-list" id="ref-for-concept-document-csp-list①">CSP list</a>:</p>
     <ol>
      <li data-md>
       <p>If <var>policy</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#policy-directive-set" id="ref-for-policy-directive-set①">directive set</a> does not contain a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives①">directive</a> which <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-name" id="ref-for-directive-name②">name</a> is <code>"require-trusted-types-for"</code>, skip to the next <var>policy</var>.</p>
      <li data-md>
       <p>Let <var>directive</var> be the <var>policy</var>’s <var>directive set</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives②">directive</a> which name
is <code>"require-trusted-types-for"</code></p>
      <li data-md>
       <p>If <var>directive</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value③">value</a> does not contain a <a data-link-type="dfn" href="#trusted-types-sink-group" id="ref-for-trusted-types-sink-group⑥">trusted-types-sink-group</a> which is a match
for a value <var>sinkGroup</var>, skip to the next <var>policy</var>.</p>
      <li data-md>
       <p>Let <var>violation</var> be the result of executing <a href="https://www.w3.org/TR/CSP3/#create-violation-for-global">Create a violation object for global, policy, and directive</a> on <var>global</var>, <var>policy</var> and <code>"require-trusted-types-for"</code></p>
      <li data-md>
       <p>Set <var>violation</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-resource" id="ref-for-violation-resource">resource</a> to <code>"trusted-types-sink"</code>.</p>
      <li data-md>
       <p>Let <var>trimmedSource</var> be the substring of <var>source</var>, containing its first 40 characters.</p>
      <li data-md>
       <p>Set <var>violation</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-sample" id="ref-for-violation-sample">sample</a> to be the result of <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#string-concatenate" id="ref-for-string-concatenate③">concatenating</a> the list « <var>sink</var>, <var>trimmedSource</var> « using space (<code>"\x20"</code>) as a <var>separator</var>.</p>
      <li data-md>
       <p>Execute <a href="https://www.w3.org/TR/CSP3/#report-violation">Report a violation</a> on <var>violation</var>.</p>
      <li data-md>
       <p>If <var>policy</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#policy-disposition" id="ref-for-policy-disposition">disposition</a> is <code>"enforce"</code>, then set <var>result</var> to <code>"Blocked"</code>.</p>
     </ol>
    <li data-md>
     <p>Return <var>result</var>.</p>
   </ol>
   <h4 class="heading settled" data-level="4.5.4" id="should-block-create-policy"><span class="secno">4.5.4. </span><span class="content"><dfn class="dfn-paneled" data-dfn-type="abstract-op" data-export id="abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy">Should Trusted Type policy creation be blocked by Content Security Policy?</dfn></span><a class="self-link" href="#should-block-create-policy"></a></h4>
   <p>Given a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global④">global object</a> (<var>global</var>), a string (<var>policyName</var>) and a list of
strings (<var>createdPolicyNames</var>), this algorithm returns <code>"Blocked"</code> if the <a data-link-type="dfn">Trusted Type Policy</a> should not be created, and <code>"Allowed"</code> otherwise.</p>
   <ol>
    <li data-md>
     <p>Let <var>result</var> be <code>"Allowed"</code>.</p>
    <li data-md>
     <p>For each <var>policy</var> in <var>global</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/dom.html#concept-document-csp-list" id="ref-for-concept-document-csp-list②">CSP list</a>:</p>
     <ol>
      <li data-md>
       <p>Let <var>createViolation</var> be false.</p>
      <li data-md>
       <p>If <var>policy</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#policy-directive-set" id="ref-for-policy-directive-set②">directive set</a> does not contain a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives③">directive</a> which name is <code>"trusted-types"</code>, skip to the next <var>policy</var>.</p>
      <li data-md>
       <p>Let <var>directive</var> be the <var>policy</var>’s <var>directive set</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives④">directive</a> which name
is <code>"trusted-types"</code></p>
      <li data-md>
       <p>If <var>createdPolicyNames</var> contains <var>policyName</var> and <var>directive</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value④">value</a> does not contain a <a data-link-type="dfn" href="#tt-keyword" id="ref-for-tt-keyword①">tt-keyword</a> which is a match
for a value <code>'allow-duplicates'</code>, set <var>createViolation</var> to true.</p>
       <p class="note" role="note"><span>Note:</span> <code>trusted-types policyA policyB 'allow-duplicates'</code> allows authors to create policies with
duplicated names.</p>
      <li data-md>
       <p>If <var>directive</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value⑤">value</a> does not contain a <a data-link-type="dfn" href="#tt-policy-name" id="ref-for-tt-policy-name①">tt-policy-name</a>,
which value is <var>policyName</var>, set <var>createViolation</var> to true.</p>
      <li data-md>
       <p>If <var>createViolation</var> is false, skip to the next <var>policy</var>.</p>
      <li data-md>
       <p>Let <var>violation</var> be the result of executing <a href="https://www.w3.org/TR/CSP3/#create-violation-for-global">Create a violation object for global, policy, and directive</a> on <var>global</var>, <var>policy</var> and <code>"trusted-types"</code></p>
      <li data-md>
       <p>Set <var>violation</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-resource" id="ref-for-violation-resource①">resource</a> to <code>"trusted-types-policy"</code>.</p>
      <li data-md>
       <p>Set <var>violation</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-sample" id="ref-for-violation-sample①">sample</a> to the substring of <var>policyName</var>, containing its first 40 characters.</p>
      <li data-md>
       <p>Execute <a href="https://www.w3.org/TR/CSP3/#report-violation">Report a violation</a> on <var>violation</var>.</p>
      <li data-md>
       <p>If <var>policy</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#policy-disposition" id="ref-for-policy-disposition①">disposition</a> is <code>"enforce"</code>, then set <var>result</var> to <code>"Blocked"</code>.</p>
     </ol>
    <li data-md>
     <p>Return <var>result</var>.</p>
   </ol>
   <h4 class="heading settled" data-level="4.5.5" id="csp-violation-object-hdr"><span class="secno">4.5.5. </span><span class="content">Violation object changes</span><a class="self-link" href="#csp-violation-object-hdr"></a></h4>
   <p><a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation" id="ref-for-violation">Violation</a> object <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-resource" id="ref-for-violation-resource②">resource</a> also allows <code>"trusted-types-policy"</code> and <code>"trusted-types-sink"</code> as values.</p>
   <h4 class="heading settled" data-level="4.5.6" id="csp-eval"><span class="secno">4.5.6. </span><span class="content">Support for eval(TrustedScript)</span><a class="self-link" href="#csp-eval"></a></h4>
   <p>This document modifies the <a href="https://www.w3.org/TR/CSP3/#can-compile-strings">EnsureCSPDoesNotBlockStringCompilation</a> which is reproduced in its entirety below with additions and deletions.</p>
   <p class="note" role="note"><span>Note:</span> See <a href="https://github.com/tc39/ecma262/issues/938">TC39/ecma262 issue #938</a> (adding the value to be compiled to algorithm parameters).</p>
   <div class="note" role="note">
    Note: EcmaScript code may call <code>Function()</code> and <code>eval</code> cross realm. 
<pre class="highlight"><c- a>let</c-> f <c- o>=</c-> <c- k>new</c-> self<c- p>.</c->top<c- p>.</c->Function<c- p>(</c->source<c- p>);</c->
</pre>
    <p>In this case, the <var>callerRealm</var>’s Window is <code>self</code> and the <var>calleeRealm</var>’s Window is <code>self.top</code>.
The Trusted Types portion of this algorithm uses <var>calleeRealm</var> for consistency with other sinks.</p>
<pre class="highlight"><c- c1>// Assigning a string to another Realm’s DOM sink uses that Realm’s default policy.</c->
self<c- p>.</c->top<c- p>.</c->body<c- p>.</c->innerHTML <c- o>=</c-> <c- t>'Hello, World!'</c-><c- p>;</c->
<c- c1>// Using another Realm’s builtin Function constructor should analogously use that</c->
<c- c1>// Realm’s default policy.</c->
<c- k>new</c-> self<c- p>.</c->top<c- p>.</c->Function<c- p>(</c-><c- t>'alert(1)'</c-><c- p>)()</c->
</pre>
    <p>This is subtly different from the CSP directive enforcement portion which rejects if either
the <var>calleeRealm</var> or <var>callerRealm</var>’s Content-Security-Policy rejects string compilation.</p>
   </div>
   <p>
    Given two <a href="https://tc39.github.io/ecma262/#realm">realms</a> (<var>callerRealm</var> and <var>calleeRealm</var>), and a 
    <del>string</del>
    <ins>value</ins>
     (<var>source</var>), this algorithm returns 
    <del>normally</del>
   </p>
   <ins>the source string to compile</ins>
    if compilation is allowed, and
throws an "<code>EvalError</code>" if not: 
   <ol>
    <li data-md>
     <ins>
      Let <var>sourceString</var> be the result of executing the <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string⑦">Get Trusted Type compliant string</a> algorithm, with: 
      <ul>
       <li data-md>
        <p><var>calleeRealm</var> as <var>global</var>,</p>
       <li data-md>
        <p><var>source</var> as <var>input</var>,</p>
       <li data-md>
        <p><code>eval</code> as <var>sink</var>,</p>
       <li data-md>
        <p><code>'script'</code> as <var>sinkGroup</var>,</p>
       <li data-md>
        <p><code class="idl"><a data-link-type="idl" href="#trustedscript" id="ref-for-trustedscript①⑥">TrustedScript</a></code> as <var>expectedType</var>.</p>
      </ul>
     </ins>
    <li data-md>
     <ins>If the algorithm throws an error, throw an <code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#exceptiondef-evalerror" id="ref-for-exceptiondef-evalerror">EvalError</a></code>.</ins>
    <li data-md>
     <p>Let <var>globals</var> be a list containing <var>calleeRealm</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global⑤">global object</a> and <var>calleeRealm</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global" id="ref-for-concept-realm-global⑥">global object</a>.</p>
    <li data-md>
     <p>For each <var>global</var> in <var>globals</var>:</p>
     <ol>
      <li data-md>
       <p>Let <var>result</var> be "<code>Allowed</code>".</p>
      <li data-md>
       <p>For each <var>policy</var> in <var>global</var>’s <span spec-section="#global-object-csp-list">CSP list</span>:</p>
       <ol>
        <li data-md>
         <p>Let <var>source-list</var> be <code>null</code>.</p>
        <li data-md>
         <p>If <var>policy</var> contains a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives⑤">directive</a> whose <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-name" id="ref-for-directive-name③">name</a> is "<code>script-src</code>", then
set <var>source-list</var> to that <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives⑥">directive</a>'s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value⑥">value</a>.</p>
         <p>Otherwise if <var>policy</var> contains a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directives" id="ref-for-directives⑦">directive</a> whose <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-name" id="ref-for-directive-name④">name</a> is
"<code>default-src</code>", then set <var>source-list</var> to that directive’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#directive-value" id="ref-for-directive-value⑦">value</a>.</p>
        <li data-md>
         <p>If <var>source-list</var> is not <code>null</code>, and does not contain a <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#source-expression" id="ref-for-source-expression">source expression</a> which is
an <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#ascii-case-insensitive" id="ref-for-ascii-case-insensitive">ASCII case-insensitive</a> match for the string "<a data-link-type="grammar" href="https://w3c.github.io/webappsec-csp/#grammardef-unsafe-eval" id="ref-for-grammardef-unsafe-eval"><code>'unsafe-eval'</code></a>" then:</p>
         <ol>
          <li data-md>
           <p>Let <var>violation</var> be the result of executing <a href="https://www.w3.org/TR/CSP3/#create-violation-for-global">Content Security Policy Level 3 §create-violation-for-global</a> on <var>global</var>, <var>policy</var>, and "<code>script-src</code>".</p>
          <li data-md>
           <p>Set <var>violation</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-resource" id="ref-for-violation-resource③">resource</a> to "<code>inline</code>".</p>
          <li data-md>
           <p>
            If <var>source-list</var> <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#list-contain" id="ref-for-list-contain">contains</a> the expression
"<a data-link-type="grammar" href="https://w3c.github.io/webappsec-csp/#grammardef-report-sample" id="ref-for-grammardef-report-sample"><code>'report-sample'</code></a>", then set <var>violation</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#violation-sample" id="ref-for-violation-sample②">sample</a> to
the substring of 
            <del><var>source</var></del>
            <ins><var>sourceString</var></ins>
             containing its first
40 characters.
           </p>
          <li data-md>
           <p>Execute <a href="https://www.w3.org/TR/CSP3/#report-violation">Content Security Policy Level 3 §report-violation</a> on <var>violation</var>.</p>
          <li data-md>
           <p>If <var>policy</var>’s <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/#policy-disposition" id="ref-for-policy-disposition②">disposition</a> is "<code>enforce</code>", then set <var>result</var> to
"<code>Blocked</code>".</p>
         </ol>
       </ol>
      <li data-md>
       <p>If <var>result</var> is "<code>Blocked</code>", throw an <code>EvalError</code> exception.</p>
     </ol>
    <li data-md>
     <ins>Return <var>sourceString</var>.</ins>
   </ol>
   <p class="note" role="note"><span>Note:</span> returning <var>sourceString</var> means that the string that gets
compiled is that returned by any <a data-link-type="dfn" href="#default-policy" id="ref-for-default-policy②">default policy</a> in the course of
executing <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string⑧">Get Trusted Type compliant string</a>.</p>
   <p class="issue" id="issue-e28ea232"><a class="self-link" href="#issue-e28ea232"></a> This depends on a solution to <a href="https://github.com/w3c/webappsec-trusted-types/issues/144">issue #144</a> like <a href="https://github.com/tc39-transfer/dynamic-code-brand-checks#problem-host-callout-does-not-receive-type-information">TC39 HostBeforeCompile</a></p>
   <p class="issue" id="issue-649f8da4"><a class="self-link" href="#issue-649f8da4"></a> In some cases, the violation "<code>'report-sample'</code>" contain the result of
applying the default policy to a string argument which differs.
Specifically when, there is a <a data-link-type="dfn" href="#default-policy" id="ref-for-default-policy③">default policy</a>, <var>isExempt</var> is false,
and <var>source</var> there is a CSP policy for either the <var>callerRealm</var> or <var>callerRealm</var> that disallows "<code>'unsafe-eval'"</code>.
Is this a feature or a bug?</p>
   <p class="note" role="note"><span>Note:</span> The previous algorithm reports violations via both report-uris where
callerRealm != calleeRealm.  If <a data-link-type="abstract-op" href="#abstract-opdef-get-trusted-type-compliant-string" id="ref-for-abstract-opdef-get-trusted-type-compliant-string⑨">Get Trusted Type compliant string</a> reports an
error, it only reports it via its <var>calleeRealm</var>’s report-uri.</p>
   <h2 class="heading settled" data-level="5" id="security-considerations"><span class="secno">5. </span><span class="content">Security Considerations</span><a class="self-link" href="#security-considerations"></a></h2>
   <p>Trusted Types are not intended to protect access to <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②⑥">injection sinks</a> in an
actively malicious execution environment. It’s assumed that the application is
written by non-malicious authors; the intent is to prevent developer mistakes
that could result in security bugs, and not to defend against first-party
malicious code actively trying to bypass policy restrictions. Below we enumerate
already identified vectors that remain risky even in environments with enforced
Trusted Types.</p>
   <h3 class="heading settled" data-level="5.1" id="cross-document-vectors"><span class="secno">5.1. </span><span class="content">Cross-document vectors</span><a class="self-link" href="#cross-document-vectors"></a></h3>
   <p>While the code running in a window in which Trusted Types are enforced cannot
dynamically create nodes that would bypass the policy restrictions, it is
possible that such nodes can be imported or adopted from documents in other
windows, that don’t have the same set of restrictions. In essence - it is
possible to bypass Trusted Types if a malicious author creates a setup in which
a restricted document colludes with an unrestricted one.</p>
   <p>CSP propagation rules (see <a href="https://www.w3.org/TR/CSP3/#initialize-document-csp">Content Security Policy Level 3 §initialize-document-csp</a> partially address this
issue, as new <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#local-scheme" id="ref-for-local-scheme">local scheme</a> documents will inherit the same set of restrictions.
To address this issue comprehensively, other mechanisms like <a href="https://wicg.github.io/origin-policy/">Origin Policy</a> should be used to ensure that baseline security rules are applied for the whole
origin.</p>
   <h3 class="heading settled" data-level="5.2" id="deprecated-features"><span class="secno">5.2. </span><span class="content">Deprecated features</span><a class="self-link" href="#deprecated-features"></a></h3>
   <p>Some long-deprecated and rarely used plaform features are not subject to Trusted
Types, and could potentially be used by malicious authors to overcome the
restrictions:</p>
   <ul>
    <li data-md>
     <p><a href="https://w3c.github.io/webcomponents/spec/imports/">HTML imports</a></p>
   </ul>
   <h3 class="heading settled" data-level="5.3" id="best-practices-for-policy-design"><span class="secno">5.3. </span><span class="content">Best practices for policy design</span><a class="self-link" href="#best-practices-for-policy-design"></a></h3>
   <p>Trusted Types limit the scope of the code that can introduce
vulnerabilities via <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②⑦">injection sinks</a> to the implementation of <a data-link-type="dfn" href="#policies" id="ref-for-policies⑥">policies</a>.
In this design, insecure policies can still expose <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②⑧">injection sinks</a> to untrusted data.
Special emphasis needs to be taken by use policies that are either secure for all
possible inputs, or limit the access to insecure policies, such that they are only
called with non-attacker controlled inputs.</p>
   <p>As policies are custom JavaScript code, they may be written in a way that heavily
depends on a global state. We advise against this. The policies should
be self-contained as much as possible. All objects that may alter security decisions
a policy makes effectively <em>become</em> the policy, and should be guarded &amp; reviewed
together.</p>
   <p class="issue" id="issue-2eb927d2"><a class="self-link" href="#issue-2eb927d2"></a> Refer to the external document on secure policy design.</p>
   <h2 class="heading settled" data-level="6" id="implementation-considerations"><span class="secno">6. </span><span class="content">Implementation Considerations</span><a class="self-link" href="#implementation-considerations"></a></h2>
   <h3 class="heading settled" data-level="6.1" id="vendor-specific-extensions-and-addons"><span class="secno">6.1. </span><span class="content">Vendor-specific Extensions and Addons</span><a class="self-link" href="#vendor-specific-extensions-and-addons"></a></h3>
   <p>Restriction imposed by Trusted Types SHOULD
NOT interfere with the operation of user-agent features like addons,
extensions, or bookmarklets. These kinds of features generally advance
the user’s priority over page authors, as espoused in <a data-link-type="biblio" href="#biblio-html-design-principles">[html-design-principles]</a>. Specifically, extensions SHOULD be able to pass strings
to the <a data-link-type="dfn" href="#injection-sink" id="ref-for-injection-sink②⑨">injection sinks</a> without triggering <a data-link-type="dfn" href="#default-policy" id="ref-for-default-policy④">default policy</a> execution, violation generation, or the rejection of the value.</p>
  </main>
  <h2 class="no-ref no-num heading settled" id="conformance"><span class="content">Conformance</span><a class="self-link" href="#conformance"></a></h2>
  <h3 class="no-ref no-num heading settled" id="conventions"><span class="content">Document conventions</span><a class="self-link" href="#conventions"></a></h3>
  <p>Conformance requirements are expressed with a combination of
    descriptive assertions and RFC 2119 terminology. The key words “MUST”,
    “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”,
    “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this
    document are to be interpreted as described in RFC 2119.
    However, for readability, these words do not appear in all uppercase
    letters in this specification. </p>
  <p>All of the text of this specification is normative except sections
    explicitly marked as non-normative, examples, and notes. <a data-link-type="biblio" href="#biblio-rfc2119">[RFC2119]</a></p>
  <p>Examples in this specification are introduced with the words “for example”
    or are set apart from the normative text with <code>class="example"</code>,
    like this: </p>
  <div class="example" id="example-ae2b6bc0">
   <a class="self-link" href="#example-ae2b6bc0"></a> 
   <p>This is an example of an informative example.</p>
  </div>
  <p>Informative notes begin with the word “Note” and are set apart from the
    normative text with <code>class="note"</code>, like this: </p>
  <p class="note" role="note">Note, this is an informative note.</p>
  <h3 class="no-ref no-num heading settled" id="conformant-algorithms"><span class="content">Conformant Algorithms</span><a class="self-link" href="#conformant-algorithms"></a></h3>
  <p>Requirements phrased in the imperative as part of algorithms (such as
    "strip any leading space characters" or "return false and abort these
    steps") are to be interpreted with the meaning of the key word ("must",
    "should", "may", etc) used in introducing the algorithm.</p>
  <p>Conformance requirements phrased as algorithms or specific steps can be
    implemented in any manner, so long as the end result is equivalent. In
    particular, the algorithms defined in this specification are intended to
    be easy to understand and are not intended to be performant. Implementers
    are encouraged to optimize.</p>
<script src="https://www.w3.org/scripts/TR/2016/fixup.js"></script>
  <h2 class="no-num no-ref heading settled" id="index"><span class="content">Index</span><a class="self-link" href="#index"></a></h2>
  <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="content">Terms defined by this specification</span><a class="self-link" href="#index-defined-here"></a></h3>
  <ul class="index">
   <li><a href="#concept-element-attributes-append">append an attribute</a><span>, in §4.3</span>
   <li><a href="#concept-element-attributes-validation-ext">attribute validation steps</a><span>, in §4.3</span>
   <li><a href="#dom-htmlobjectelement-codebase">codeBase</a><span>, in §4.1.4</span>
   <li><a href="#abstract-opdef-create-a-trusted-type">Create a Trusted Type</a><span>, in §3.2</span>
   <li><a href="#abstract-opdef-create-a-trusted-type-policy">Create a Trusted Type Policy</a><span>, in §3.1</span>
   <li><a href="#dom-range-createcontextualfragment">createContextualFragment(fragment)</a><span>, in §4.4</span>
   <li><a href="#dom-trustedtypepolicyoptions-createhtml">createHTML</a><span>, in §2.3.3</span>
   <li><a href="#callbackdef-createhtmlcallback">CreateHTMLCallback</a><span>, in §2.3.3</span>
   <li><a href="#dom-trustedtypepolicy-createhtml">createHTML(input)</a><span>, in §2.3.2</span>
   <li><a href="#dom-trustedtypepolicy-createhtml">createHTML(input, ...arguments)</a><span>, in §2.3.2</span>
   <li><a href="#dom-trustedtypepolicyfactory-createpolicy">createPolicy(policyName)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-createpolicy">createPolicy(policyName, policyOptions)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyoptions-createscript">createScript</a><span>, in §2.3.3</span>
   <li><a href="#callbackdef-createscriptcallback">CreateScriptCallback</a><span>, in §2.3.3</span>
   <li><a href="#dom-trustedtypepolicy-createscript">createScript(input)</a><span>, in §2.3.2</span>
   <li><a href="#dom-trustedtypepolicy-createscript">createScript(input, ...arguments)</a><span>, in §2.3.2</span>
   <li><a href="#dom-trustedtypepolicyoptions-createscripturl">createScriptURL</a><span>, in §2.3.3</span>
   <li><a href="#callbackdef-createscripturlcallback">CreateScriptURLCallback</a><span>, in §2.3.3</span>
   <li><a href="#dom-trustedtypepolicy-createscripturl">createScriptURL(input)</a><span>, in §2.3.2</span>
   <li><a href="#dom-trustedtypepolicy-createscripturl">createScriptURL(input, ...arguments)</a><span>, in §2.3.2</span>
   <li><a href="#dom-htmlobjectelement-data">data</a><span>, in §4.1.4</span>
   <li><a href="#default-policy">Default policy</a><span>, in §2.3.4</span>
   <li><a href="#dom-trustedtypepolicyfactory-defaultpolicy">defaultPolicy</a><span>, in §2.3.1</span>
   <li><a href="#dom-domparser-domparser">DOMParser()</a><span>, in §4.4</span>
   <li><a href="#domparser">DOMParser</a><span>, in §4.4</span>
   <li><a href="#dom-trustedtypepolicyfactory-emptyhtml">emptyHTML</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-emptyscript">emptyScript</a><span>, in §2.3.1</span>
   <li><a href="#enforcement">Enforcement</a><span>, in §2.4</span>
   <li><a href="#dom-trustedtypepolicyfactory-getattributetype">getAttributeType(tagName, attribute)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-getattributetype">getAttributeType(tagName, attribute, elementNs)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-getattributetype">getAttributeType(tagName, attribute, elementNs, attrNs)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-getpolicynames">getPolicyNames()</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-getpropertytype">getPropertyType(tagName, property)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-getpropertytype">getPropertyType(tagName, property, elementNs)</a><span>, in §2.3.1</span>
   <li><a href="#abstract-opdef-get-trusted-type-compliant-string">Get Trusted Type compliant string</a><span>, in §3.3</span>
   <li><a href="#dom-svgscriptelement-href">href</a><span>, in §4.2</span>
   <li><a href="#typedefdef-htmlstring">HTMLString</a><span>, in §4</span>
   <li><a href="#typedefdef-htmlstringdefaultsempty">HTMLStringDefaultsEmpty</a><span>, in §4</span>
   <li><a href="#injection-sink">injection sink</a><span>, in §2.1</span>
   <li><a href="#dom-innerhtml-innerhtml">innerHTML</a><span>, in §4.4</span>
   <li><a href="#dom-htmlscriptelement-innertext">innerText</a><span>, in §4.1.3.2</span>
   <li><a href="#dom-element-insertadjacenthtml">insertAdjacentHTML(position, text)</a><span>, in §4.4</span>
   <li><a href="#dom-trustedtypepolicyfactory-ishtml">isHTML(value)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-isscripturl">isScriptURL(value)</a><span>, in §2.3.1</span>
   <li><a href="#dom-trustedtypepolicyfactory-isscript">isScript(value)</a><span>, in §2.3.1</span>
   <li><a href="#list-of-scripts-that-will-execute-in-order-as-soon-as-possible">list of scripts that will execute in order as soon as possible</a><span>, in §4.1.3.3</span>
   <li><a href="#list-of-scripts-that-will-execute-when-the-document-has-finished-parsing">list of scripts that will execute when the document has finished parsing</a><span>, in §4.1.3.3</span>
   <li>
    name
    <ul>
     <li><a href="#dom-trustedtypepolicy-name">attribute for TrustedTypePolicy</a><span>, in §2.3.2</span>
     <li><a href="#trustedtypepolicy-name">dfn for TrustedTypePolicy</a><span>, in §2.3.2</span>
    </ul>
   <li><a href="#dom-element-outerhtml">outerHTML</a><span>, in §4.4</span>
   <li><a href="#dom-domparser-parsefromstring">parseFromString(str, type)</a><span>, in §4.4</span>
   <li><a href="#policies">Policies</a><span>, in §2.3</span>
   <li><a href="#abstract-opdef-prepare-the-script-url-and-text">Prepare the script URL and text</a><span>, in §3.5</span>
   <li><a href="#abstract-opdef-process-value-with-a-default-policy">Process value with a default policy</a><span>, in §3.4</span>
   <li><a href="#require-trusted-types-for-directive">require-trusted-types-for-directive</a><span>, in §4.5.1</span>
   <li><a href="#typedefdef-scriptstring">ScriptString</a><span>, in §4</span>
   <li><a href="#script-scripttext">[[ScriptText]]</a><span>, in §4.1.3.1</span>
   <li><a href="#script-scripturl">[[ScriptURL]]</a><span>, in §4.1.3.1</span>
   <li><a href="#typedefdef-scripturlstring">ScriptURLString</a><span>, in §4</span>
   <li><a href="#serialized-tt-configuration">serialized-tt-configuration</a><span>, in §4.5.2</span>
   <li><a href="#dom-windoworworkerglobalscope-setinterval">setInterval(handler)</a><span>, in §4.1.5</span>
   <li><a href="#dom-windoworworkerglobalscope-setinterval">setInterval(handler, timeout)</a><span>, in §4.1.5</span>
   <li><a href="#dom-windoworworkerglobalscope-setinterval">setInterval(handler, timeout, ...arguments)</a><span>, in §4.1.5</span>
   <li><a href="#set-of-scripts-that-will-execute-as-soon-as-possible">set of scripts that will execute as soon as possible</a><span>, in §4.1.3.3</span>
   <li><a href="#dom-windoworworkerglobalscope-settimeout">setTimeout(handler)</a><span>, in §4.1.5</span>
   <li><a href="#dom-windoworworkerglobalscope-settimeout">setTimeout(handler, timeout)</a><span>, in §4.1.5</span>
   <li><a href="#dom-windoworworkerglobalscope-settimeout">setTimeout(handler, timeout, ...arguments)</a><span>, in §4.1.5</span>
   <li><a href="#abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy">Should sink type mismatch violation be blocked by Content Security Policy?</a><span>, in §4.5.3</span>
   <li><a href="#abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy">Should Trusted Type policy creation be blocked by Content Security Policy?</a><span>, in §4.5.4</span>
   <li>
    src
    <ul>
     <li><a href="#dom-htmlembedelement-src">attribute for HTMLEmbedElement</a><span>, in §4.1.4</span>
     <li><a href="#dom-htmlscriptelement-src">attribute for HTMLScriptElement</a><span>, in §4.1.3.2</span>
    </ul>
   <li><a href="#dom-htmliframeelement-srcdoc">srcdoc</a><span>, in §4.1.4</span>
   <li>
    stringification behavior
    <ul>
     <li><a href="#TrustedHTML-stringification-behavior">dfn for TrustedHTML</a><span>, in §2.2.1</span>
     <li><a href="#TrustedScript-stringification-behavior">dfn for TrustedScript</a><span>, in §2.2.2</span>
     <li><a href="#TrustedScriptURL-stringification-behavior">dfn for TrustedScriptURL</a><span>, in §2.2.3</span>
    </ul>
   <li><a href="#dom-htmlscriptelement-text">text</a><span>, in §4.1.3.2</span>
   <li><a href="#dom-htmlscriptelement-textcontent">textContent</a><span>, in §4.1.3.2</span>
   <li>
    TrustedHTML
    <ul>
     <li><a href="#trustedhtml">(interface)</a><span>, in §2.2.1</span>
     <li><a href="#typedef-trustedhtml">(type)</a><span>, in §2.2.1</span>
    </ul>
   <li>
    TrustedScript
    <ul>
     <li><a href="#trustedscript">(interface)</a><span>, in §2.2.2</span>
     <li><a href="#typedef-trustedscript">(type)</a><span>, in §2.2.2</span>
    </ul>
   <li>
    TrustedScriptURL
    <ul>
     <li><a href="#trustedscripturl">(interface)</a><span>, in §2.2.3</span>
     <li><a href="#typedef-trustedscripturl">(type)</a><span>, in §2.2.3</span>
    </ul>
   <li><a href="#typedefdef-trustedtimerhandler">TrustedTimerHandler</a><span>, in §4.1.5</span>
   <li><a href="#typedefdef-trustedtype">TrustedType</a><span>, in §4</span>
   <li><a href="#trusted-type">Trusted Type</a><span>, in §2.2</span>
   <li>
    TrustedTypePolicy
    <ul>
     <li><a href="#trustedtypepolicy">(interface)</a><span>, in §2.3.2</span>
     <li><a href="#typedef-trustedtypepolicy">(type)</a><span>, in §2.3.2</span>
    </ul>
   <li>
    TrustedTypePolicyFactory
    <ul>
     <li><a href="#trustedtypepolicyfactory">(interface)</a><span>, in §2.3.1</span>
     <li><a href="#typedef-trustedtypepolicyfactory">(type)</a><span>, in §2.3.1</span>
    </ul>
   <li><a href="#window-trusted-type-policy-factory">trusted type policy factory</a><span>, in §4.1</span>
   <li>
    TrustedTypePolicyOptions
    <ul>
     <li><a href="#dictdef-trustedtypepolicyoptions">(dictionary)</a><span>, in §2.3.3</span>
     <li><a href="#typedef-trustedtypepolicyoptions">(type)</a><span>, in §2.3.3</span>
    </ul>
   <li><a href="#extendedattrdef-trustedtypes">TrustedTypes</a><span>, in §2.4.2</span>
   <li><a href="#dom-window-trustedtypes">trustedTypes</a><span>, in §4.1.1</span>
   <li><a href="#trusted-types-directive">trusted-types-directive</a><span>, in §4.5.2</span>
   <li><a href="#trusted-types-sink-group">trusted-types-sink-group</a><span>, in §4.5.1</span>
   <li><a href="#tt-expression">tt-expression</a><span>, in §4.5.2</span>
   <li><a href="#tt-keyword">tt-keyword</a><span>, in §4.5.2</span>
   <li><a href="#tt-policy-name">tt-policy-name</a><span>, in §4.5.2</span>
   <li><a href="#dom-document-write">write()</a><span>, in §4.1.2</span>
   <li><a href="#dom-document-writeln">writeln()</a><span>, in §4.1.2</span>
   <li><a href="#dom-document-writeln">writeln(...text)</a><span>, in §4.1.2</span>
   <li><a href="#dom-document-write">write(...text)</a><span>, in §4.1.2</span>
  </ul>
  <aside class="dfn-panel" data-for="term-for-document">
   <a href="https://dom.spec.whatwg.org/#document">https://dom.spec.whatwg.org/#document</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-document">2.1.1. HTML injection sinks</a>
    <li><a href="#ref-for-document①">3.5. Prepare the script URL and text</a> <a href="#ref-for-document②">(2)</a>
    <li><a href="#ref-for-document③">4.1.2. Extensions to the Document interface</a> <a href="#ref-for-document④">(2)</a>
    <li><a href="#ref-for-document⑤">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-documentfragment">
   <a href="https://dom.spec.whatwg.org/#documentfragment">https://dom.spec.whatwg.org/#documentfragment</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-documentfragment">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-element">
   <a href="https://dom.spec.whatwg.org/#element">https://dom.spec.whatwg.org/#element</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-element">2.1.2. DOM XSS injection sinks</a> <a href="#ref-for-element①">(2)</a>
    <li><a href="#ref-for-element②">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-element③">(2)</a>
    <li><a href="#ref-for-element④">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-element⑤">(2)</a>
    <li><a href="#ref-for-element⑥">4.3. Integration with DOM</a>
    <li><a href="#ref-for-element⑦">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-range">
   <a href="https://dom.spec.whatwg.org/#range">https://dom.spec.whatwg.org/#range</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-range">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-node-append">
   <a href="https://dom.spec.whatwg.org/#concept-node-append">https://dom.spec.whatwg.org/#concept-node-append</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-node-append">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-element-attributes-change-ext">
   <a href="https://dom.spec.whatwg.org/#concept-element-attributes-change-ext">https://dom.spec.whatwg.org/#concept-element-attributes-change-ext</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-element-attributes-change-ext">4.1.6. Enforcement in event handler content attributes</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-element-attribute">
   <a href="https://dom.spec.whatwg.org/#concept-element-attribute">https://dom.spec.whatwg.org/#concept-element-attribute</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-element-attribute">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-child-text-content">
   <a href="https://dom.spec.whatwg.org/#concept-child-text-content">https://dom.spec.whatwg.org/#concept-child-text-content</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-child-text-content">3.5. Prepare the script URL and text</a> <a href="#ref-for-concept-child-text-content①">(2)</a>
    <li><a href="#ref-for-concept-child-text-content②">4.1.3.1. Slots with trusted values</a>
    <li><a href="#ref-for-concept-child-text-content③">4.1.3.2. Setting slot values</a>
    <li><a href="#script-processing-model:child-text-content">4.1.3.3. Slot value verification</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-context-object">
   <a href="https://dom.spec.whatwg.org/#context-object">https://dom.spec.whatwg.org/#context-object</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-context-object">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-context-object①">(2)</a>
    <li><a href="#ref-for-context-object②">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-context-object③">(2)</a> <a href="#ref-for-context-object④">(3)</a> <a href="#ref-for-context-object⑤">(4)</a> <a href="#ref-for-context-object⑥">(5)</a> <a href="#ref-for-context-object⑦">(6)</a> <a href="#ref-for-context-object⑧">(7)</a> <a href="#ref-for-context-object⑨">(8)</a> <a href="#ref-for-context-object①⓪">(9)</a> <a href="#ref-for-context-object①①">(10)</a>
    <li><a href="#ref-for-context-object①②">4.1.5. Enforcement in timer functions</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-attribute-element">
   <a href="https://dom.spec.whatwg.org/#concept-attribute-element">https://dom.spec.whatwg.org/#concept-attribute-element</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-attribute-element">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-element-interface">
   <a href="https://dom.spec.whatwg.org/#concept-element-interface">https://dom.spec.whatwg.org/#concept-element-interface</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-element-interface">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-concept-element-interface①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-element-local-name">
   <a href="https://dom.spec.whatwg.org/#concept-element-local-name">https://dom.spec.whatwg.org/#concept-element-local-name</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-element-local-name">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-concept-element-local-name①">(2)</a>
    <li><a href="#ref-for-concept-element-local-name②">4.1.6. Enforcement in event handler content attributes</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-attribute-namespace">
   <a href="https://dom.spec.whatwg.org/#concept-attribute-namespace">https://dom.spec.whatwg.org/#concept-attribute-namespace</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-attribute-namespace">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-other-applicable-specifications">
   <a href="https://dom.spec.whatwg.org/#other-applicable-specifications">https://dom.spec.whatwg.org/#other-applicable-specifications</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-other-applicable-specifications">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dom-node-textcontent">
   <a href="https://dom.spec.whatwg.org/#dom-node-textcontent">https://dom.spec.whatwg.org/#dom-node-textcontent</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-node-textcontent">4.1.3.2. Setting slot values</a> <a href="#ref-for-dom-node-textcontent①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-attribute-value">
   <a href="https://dom.spec.whatwg.org/#concept-attribute-value">https://dom.spec.whatwg.org/#concept-attribute-value</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-attribute-value">4.3. Integration with DOM</a> <a href="#ref-for-concept-attribute-value①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-h-the-domparser-interface">
   <a href="https://www.w3.org/TR/DOM-Parsing/#h-the-domparser-interface">https://www.w3.org/TR/DOM-Parsing/#h-the-domparser-interface</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-h-the-domparser-interface">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dom-requestdestination-script">
   <a href="https://fetch.spec.whatwg.org/#dom-requestdestination-script">https://fetch.spec.whatwg.org/#dom-requestdestination-script</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-requestdestination-script">3.5. Prepare the script URL and text</a>
    <li><a href="#ref-for-dom-requestdestination-script①">4.1.3.1. Slots with trusted values</a>
    <li><a href="#ref-for-dom-requestdestination-script②">4.1.3.3. Slot value verification</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-request-client">
   <a href="https://fetch.spec.whatwg.org/#concept-request-client">https://fetch.spec.whatwg.org/#concept-request-client</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-request-client">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-local-scheme">
   <a href="https://fetch.spec.whatwg.org/#local-scheme">https://fetch.spec.whatwg.org/#local-scheme</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-local-scheme">5.1. Cross-document vectors</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-request-url">
   <a href="https://fetch.spec.whatwg.org/#concept-request-url">https://fetch.spec.whatwg.org/#concept-request-url</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-request-url">4.5.1.1. require-trusted-types-for Pre-Navigation check</a> <a href="#ref-for-concept-request-url①">(2)</a> <a href="#ref-for-concept-request-url②">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-cereactions">
   <a href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions">https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-cereactions">4.1.2. Extensions to the Document interface</a> <a href="#ref-for-cereactions①">(2)</a>
    <li><a href="#ref-for-cereactions②">4.1.3.2. Setting slot values</a> <a href="#ref-for-cereactions③">(2)</a> <a href="#ref-for-cereactions④">(3)</a> <a href="#ref-for-cereactions⑤">(4)</a>
    <li><a href="#ref-for-cereactions⑥">4.1.4. Enforcement in element attributes</a> <a href="#ref-for-cereactions⑦">(2)</a> <a href="#ref-for-cereactions⑧">(3)</a> <a href="#ref-for-cereactions⑨">(4)</a>
    <li><a href="#ref-for-cereactions①⓪">4.4. Integration with DOM Parsing</a> <a href="#ref-for-cereactions①①">(2)</a> <a href="#ref-for-cereactions①②">(3)</a> <a href="#ref-for-cereactions①③">(4)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-htmlelement">
   <a href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement">https://html.spec.whatwg.org/multipage/dom.html#htmlelement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-htmlelement">4.1.3.2. Setting slot values</a>
    <li><a href="#ref-for-htmlelement①">4.1.4. Enforcement in element attributes</a> <a href="#ref-for-htmlelement②">(2)</a> <a href="#ref-for-htmlelement③">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-htmlembedelement">
   <a href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlembedelement">https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlembedelement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-htmlembedelement">4.1.4. Enforcement in element attributes</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-htmliframeelement">
   <a href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement">https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-htmliframeelement">4.1.4. Enforcement in element attributes</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-htmlobjectelement">
   <a href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlobjectelement">https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlobjectelement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-htmlobjectelement">4.1.4. Enforcement in element attributes</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-htmlscriptelement">
   <a href="https://html.spec.whatwg.org/multipage/scripting.html#htmlscriptelement">https://html.spec.whatwg.org/multipage/scripting.html#htmlscriptelement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-htmlscriptelement">4.1.3.2. Setting slot values</a> <a href="#ref-for-htmlscriptelement①">(2)</a> <a href="#ref-for-htmlscriptelement②">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-window">
   <a href="https://html.spec.whatwg.org/multipage/window-object.html#window">https://html.spec.whatwg.org/multipage/window-object.html#window</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-window">3.3. Get Trusted Type compliant string</a>
    <li><a href="#ref-for-window①">4.1. Integration with HTML</a>
    <li><a href="#ref-for-window②">4.1.1. Extensions to the Window interface</a> <a href="#ref-for-window③">(2)</a> <a href="#ref-for-window④">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-windoworworkerglobalscope">
   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope">https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-windoworworkerglobalscope">4.1.5. Enforcement in timer functions</a> <a href="#ref-for-windoworworkerglobalscope①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-document-csp-list">
   <a href="https://html.spec.whatwg.org/multipage/dom.html#concept-document-csp-list">https://html.spec.whatwg.org/multipage/dom.html#concept-document-csp-list</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-document-csp-list">3.3. Get Trusted Type compliant string</a>
    <li><a href="#ref-for-concept-document-csp-list①">4.5.3. Should sink type mismatch violation be blocked by Content Security Policy?</a>
    <li><a href="#ref-for-concept-document-csp-list②">4.5.4. Should Trusted Type policy creation be blocked by Content Security Policy?</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-settings-object-global">
   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global">https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-settings-object-global">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dom-innertext">
   <a href="https://html.spec.whatwg.org/multipage/dom.html#dom-innertext">https://html.spec.whatwg.org/multipage/dom.html#dom-innertext</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-innertext">4.1.3.2. Setting slot values</a> <a href="#ref-for-dom-innertext①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-prepare-a-script">
   <a href="https://html.spec.whatwg.org/multipage/scripting.html#prepare-a-script">https://html.spec.whatwg.org/multipage/scripting.html#prepare-a-script</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-prepare-a-script">4.1.3.3. Slot value verification</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-global-object-realm">
   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-global-object-realm">https://html.spec.whatwg.org/multipage/webappapis.html#concept-global-object-realm</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-global-object-realm">2.3. Policies</a>
    <li><a href="#ref-for-concept-global-object-realm①">4.5.1. require-trusted-types-for directive</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-reflect">
   <a href="https://html.spec.whatwg.org/multipage/common-dom-interfaces.html#reflect">https://html.spec.whatwg.org/multipage/common-dom-interfaces.html#reflect</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-reflect">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-relevant-global">
   <a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global">https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-relevant-global">2.3.1. TrustedTypePolicyFactory</a>
    <li><a href="#ref-for-concept-relevant-global①">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-concept-relevant-global②">(2)</a> <a href="#ref-for-concept-relevant-global③">(3)</a> <a href="#ref-for-concept-relevant-global④">(4)</a>
    <li><a href="#ref-for-concept-relevant-global⑤">3.5. Prepare the script URL and text</a> <a href="#ref-for-concept-relevant-global⑥">(2)</a>
    <li><a href="#ref-for-concept-relevant-global⑦">4.1.5. Enforcement in timer functions</a>
    <li><a href="#ref-for-concept-relevant-global⑧">4.1.6. Enforcement in event handler content attributes</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-list-append">
   <a href="https://infra.spec.whatwg.org/#list-append">https://infra.spec.whatwg.org/#list-append</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-list-append">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-ascii-case-insensitive">
   <a href="https://infra.spec.whatwg.org/#ascii-case-insensitive">https://infra.spec.whatwg.org/#ascii-case-insensitive</a><b>Referenced in:</b>
   <ul>
    <li><a href="#script-processing-model:ascii-case-insensitive">4.1.3.3. Slot value verification</a> <a href="#script-processing-model:ascii-case-insensitive-2">(2)</a> <a href="#script-processing-model:ascii-case-insensitive-3">(3)</a>
    <li><a href="#ref-for-ascii-case-insensitive">4.5.6. Support for eval(TrustedScript)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-ascii-lowercase">
   <a href="https://infra.spec.whatwg.org/#ascii-lowercase">https://infra.spec.whatwg.org/#ascii-lowercase</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-ascii-lowercase">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-ascii-lowercase①">(2)</a> <a href="#ref-for-ascii-lowercase②">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-string-concatenate">
   <a href="https://infra.spec.whatwg.org/#string-concatenate">https://infra.spec.whatwg.org/#string-concatenate</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-string-concatenate">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-string-concatenate①">(2)</a>
    <li><a href="#ref-for-string-concatenate②">4.1.6. Enforcement in event handler content attributes</a>
    <li><a href="#ref-for-string-concatenate③">4.5.3. Should sink type mismatch violation be blocked by Content Security Policy?</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-list-contain">
   <a href="https://infra.spec.whatwg.org/#list-contain">https://infra.spec.whatwg.org/#list-contain</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-list-contain">4.5.6. Support for eval(TrustedScript)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-html-namespace">
   <a href="https://infra.spec.whatwg.org/#html-namespace">https://infra.spec.whatwg.org/#html-namespace</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-html-namespace">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-html-namespace①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-ordered-set">
   <a href="https://infra.spec.whatwg.org/#ordered-set">https://infra.spec.whatwg.org/#ordered-set</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-ordered-set">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-InterfaceSVGElement">
   <a href="https://svgwg.org/svg2-draft/types.html#InterfaceSVGElement">https://svgwg.org/svg2-draft/types.html#InterfaceSVGElement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-InterfaceSVGElement">4.2. Integration with SVG</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-InterfaceSVGScriptElement">
   <a href="https://svgwg.org/svg2-draft/interact.html#InterfaceSVGScriptElement">https://svgwg.org/svg2-draft/interact.html#InterfaceSVGScriptElement</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-InterfaceSVGScriptElement">4.2. Integration with SVG</a> <a href="#ref-for-InterfaceSVGScriptElement①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-url-scheme">
   <a href="https://url.spec.whatwg.org/#concept-url-scheme">https://url.spec.whatwg.org/#concept-url-scheme</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-url-scheme">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-url-parser">
   <a href="https://url.spec.whatwg.org/#concept-url-parser">https://url.spec.whatwg.org/#concept-url-parser</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-url-parser">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-concept-url-serializer">
   <a href="https://url.spec.whatwg.org/#concept-url-serializer">https://url.spec.whatwg.org/#concept-url-serializer</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-url-serializer">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-idl-DOMString">
   <a href="https://heycam.github.io/webidl/#idl-DOMString">https://heycam.github.io/webidl/#idl-DOMString</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-idl-DOMString">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-idl-DOMString①">(2)</a> <a href="#ref-for-idl-DOMString②">(3)</a> <a href="#ref-for-idl-DOMString③">(4)</a> <a href="#ref-for-idl-DOMString④">(5)</a> <a href="#ref-for-idl-DOMString⑤">(6)</a> <a href="#ref-for-idl-DOMString⑥">(7)</a> <a href="#ref-for-idl-DOMString⑦">(8)</a> <a href="#ref-for-idl-DOMString⑧">(9)</a> <a href="#ref-for-idl-DOMString⑨">(10)</a> <a href="#ref-for-idl-DOMString①⓪">(11)</a>
    <li><a href="#ref-for-idl-DOMString①①">2.3.2. TrustedTypePolicy</a> <a href="#ref-for-idl-DOMString①②">(2)</a> <a href="#ref-for-idl-DOMString①③">(3)</a> <a href="#ref-for-idl-DOMString①④">(4)</a>
    <li><a href="#ref-for-idl-DOMString①⑤">2.3.3. TrustedTypePolicyOptions</a> <a href="#ref-for-idl-DOMString①⑥">(2)</a> <a href="#ref-for-idl-DOMString①⑦">(3)</a> <a href="#ref-for-idl-DOMString①⑧">(4)</a> <a href="#ref-for-idl-DOMString①⑨">(5)</a>
    <li><a href="#ref-for-idl-DOMString②⓪">4. Integrations</a> <a href="#ref-for-idl-DOMString②①">(2)</a> <a href="#ref-for-idl-DOMString②②">(3)</a>
    <li><a href="#ref-for-idl-DOMString②③">4.1.4. Enforcement in element attributes</a>
    <li><a href="#ref-for-idl-DOMString②④">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-exceptiondef-evalerror">
   <a href="https://heycam.github.io/webidl/#exceptiondef-evalerror">https://heycam.github.io/webidl/#exceptiondef-evalerror</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-exceptiondef-evalerror">4.5.6. Support for eval(TrustedScript)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-Exposed">
   <a href="https://heycam.github.io/webidl/#Exposed">https://heycam.github.io/webidl/#Exposed</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-Exposed">2.2.1. TrustedHTML</a>
    <li><a href="#ref-for-Exposed①">2.2.2. TrustedScript</a>
    <li><a href="#ref-for-Exposed②">2.2.3. TrustedScriptURL</a>
    <li><a href="#ref-for-Exposed③">2.3.1. TrustedTypePolicyFactory</a>
    <li><a href="#ref-for-Exposed④">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-Exposed⑤">4.4. Integration with DOM Parsing</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-Function">
   <a href="https://heycam.github.io/webidl/#Function">https://heycam.github.io/webidl/#Function</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-Function">4.1.5. Enforcement in timer functions</a> <a href="#ref-for-Function①">(2)</a> <a href="#ref-for-Function②">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-NewObject">
   <a href="https://heycam.github.io/webidl/#NewObject">https://heycam.github.io/webidl/#NewObject</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-NewObject">4.4. Integration with DOM Parsing</a> <a href="#ref-for-NewObject①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-TreatNullAs">
   <a href="https://heycam.github.io/webidl/#TreatNullAs">https://heycam.github.io/webidl/#TreatNullAs</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-TreatNullAs">4. Integrations</a>
    <li><a href="#ref-for-TreatNullAs①">4.1.3.2. Setting slot values</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-exceptiondef-typeerror">
   <a href="https://heycam.github.io/webidl/#exceptiondef-typeerror">https://heycam.github.io/webidl/#exceptiondef-typeerror</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-exceptiondef-typeerror">3.1. Create a Trusted Type Policy</a> <a href="#ref-for-exceptiondef-typeerror①">(2)</a>
    <li><a href="#ref-for-exceptiondef-typeerror②">3.2. Create a Trusted Type</a>
    <li><a href="#ref-for-exceptiondef-typeerror③">3.3. Get Trusted Type compliant string</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-idl-USVString">
   <a href="https://heycam.github.io/webidl/#idl-USVString">https://heycam.github.io/webidl/#idl-USVString</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-idl-USVString">2.3.3. TrustedTypePolicyOptions</a>
    <li><a href="#ref-for-idl-USVString①">4. Integrations</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-Unforgeable">
   <a href="https://heycam.github.io/webidl/#Unforgeable">https://heycam.github.io/webidl/#Unforgeable</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-Unforgeable">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-Unforgeable①">(2)</a> <a href="#ref-for-Unforgeable②">(3)</a> <a href="#ref-for-Unforgeable③">(4)</a> <a href="#ref-for-Unforgeable④">(5)</a> <a href="#ref-for-Unforgeable⑤">(6)</a> <a href="#ref-for-Unforgeable⑥">(7)</a>
    <li><a href="#ref-for-Unforgeable⑦">2.3.2. TrustedTypePolicy</a> <a href="#ref-for-Unforgeable⑧">(2)</a> <a href="#ref-for-Unforgeable⑨">(3)</a> <a href="#ref-for-Unforgeable①⓪">(4)</a>
    <li><a href="#ref-for-Unforgeable①①">4.1.1. Extensions to the Window interface</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dfn-attribute">
   <a href="https://heycam.github.io/webidl/#dfn-attribute">https://heycam.github.io/webidl/#dfn-attribute</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dfn-attribute">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-dfn-attribute①">(2)</a> <a href="#ref-for-dfn-attribute②">(3)</a>
    <li><a href="#ref-for-dfn-attribute③">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-dfn-attribute④">(2)</a>
    <li><a href="#ref-for-dfn-attribute⑤">4.3. Integration with DOM</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-idl-boolean">
   <a href="https://heycam.github.io/webidl/#idl-boolean">https://heycam.github.io/webidl/#idl-boolean</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-idl-boolean">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-idl-boolean①">(2)</a> <a href="#ref-for-idl-boolean②">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dfn-extended-attribute">
   <a href="https://heycam.github.io/webidl/#dfn-extended-attribute">https://heycam.github.io/webidl/#dfn-extended-attribute</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dfn-extended-attribute">2.4.2. TrustedTypes extended attribute</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-include">
   <a href="https://heycam.github.io/webidl/#include">https://heycam.github.io/webidl/#include</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-include">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-interface-mixin">
   <a href="https://heycam.github.io/webidl/#interface-mixin">https://heycam.github.io/webidl/#interface-mixin</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-interface-mixin">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-idl-long">
   <a href="https://heycam.github.io/webidl/#idl-long">https://heycam.github.io/webidl/#idl-long</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-idl-long">4.1.5. Enforcement in timer functions</a> <a href="#ref-for-idl-long①">(2)</a> <a href="#ref-for-idl-long②">(3)</a> <a href="#ref-for-idl-long③">(4)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dfn-operation">
   <a href="https://heycam.github.io/webidl/#dfn-operation">https://heycam.github.io/webidl/#dfn-operation</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dfn-operation">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-dfn-operation①">(2)</a> <a href="#ref-for-dfn-operation②">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dfn-read-only">
   <a href="https://heycam.github.io/webidl/#dfn-read-only">https://heycam.github.io/webidl/#dfn-read-only</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dfn-read-only">2.4.2. TrustedTypes extended attribute</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="term-for-dfn-xattr-identifier">
   <a href="https://heycam.github.io/webidl/#dfn-xattr-identifier">https://heycam.github.io/webidl/#dfn-xattr-identifier</a><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dfn-xattr-identifier">2.4.2. TrustedTypes extended attribute</a>
   </ul>
  </aside>
  <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span class="content">Terms defined by reference</span><a class="self-link" href="#index-defined-elsewhere"></a></h3>
  <ul class="index">
   <li>
    <a data-link-type="biblio">[DOM]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-document" style="color:initial">Document</span>
     <li><span class="dfn-paneled" id="term-for-documentfragment" style="color:initial">DocumentFragment</span>
     <li><span class="dfn-paneled" id="term-for-element" style="color:initial">Element</span>
     <li><span class="dfn-paneled" id="term-for-range" style="color:initial">Range</span>
     <li><span class="dfn-paneled" id="term-for-concept-node-append" style="color:initial">append</span>
     <li><span class="dfn-paneled" id="term-for-concept-element-attributes-change-ext" style="color:initial">attribute change steps</span>
     <li><span class="dfn-paneled" id="term-for-concept-element-attribute" style="color:initial">attribute list</span>
     <li><span class="dfn-paneled" id="term-for-concept-child-text-content" style="color:initial">child text content</span>
     <li><span class="dfn-paneled" id="term-for-context-object" style="color:initial">context object</span>
     <li><span class="dfn-paneled" id="term-for-concept-attribute-element" style="color:initial">element <small>(for Attr)</small></span>
     <li><span class="dfn-paneled" id="term-for-concept-element-interface" style="color:initial">element interface</span>
     <li><span class="dfn-paneled" id="term-for-concept-element-local-name" style="color:initial">local name <small>(for Element)</small></span>
     <li><span class="dfn-paneled" id="term-for-concept-attribute-namespace" style="color:initial">namespace</span>
     <li><span class="dfn-paneled" id="term-for-other-applicable-specifications" style="color:initial">other applicable specifications</span>
     <li><span class="dfn-paneled" id="term-for-dom-node-textcontent" style="color:initial">textContent</span>
     <li><span class="dfn-paneled" id="term-for-concept-attribute-value" style="color:initial">value</span>
    </ul>
   <li>
    <a data-link-type="biblio">[DOM-Parsing]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-h-the-domparser-interface" style="color:initial">SupportedType</span>
    </ul>
   <li>
    <a data-link-type="biblio">[Fetch]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-dom-requestdestination-script" style="color:initial">"script"</span>
     <li><span class="dfn-paneled" id="term-for-concept-request-client" style="color:initial">client</span>
     <li><span class="dfn-paneled" id="term-for-local-scheme" style="color:initial">local scheme</span>
     <li><span class="dfn-paneled" id="term-for-concept-request-url" style="color:initial">url</span>
    </ul>
   <li>
    <a data-link-type="biblio">[HTML]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-cereactions" style="color:initial">CEReactions</span>
     <li><span class="dfn-paneled" id="term-for-htmlelement" style="color:initial">HTMLElement</span>
     <li><span class="dfn-paneled" id="term-for-htmlembedelement" style="color:initial">HTMLEmbedElement</span>
     <li><span class="dfn-paneled" id="term-for-htmliframeelement" style="color:initial">HTMLIFrameElement</span>
     <li><span class="dfn-paneled" id="term-for-htmlobjectelement" style="color:initial">HTMLObjectElement</span>
     <li><span class="dfn-paneled" id="term-for-htmlscriptelement" style="color:initial">HTMLScriptElement</span>
     <li><span class="dfn-paneled" id="term-for-window" style="color:initial">Window</span>
     <li><span class="dfn-paneled" id="term-for-windoworworkerglobalscope" style="color:initial">WindowOrWorkerGlobalScope</span>
     <li><span class="dfn-paneled" id="term-for-concept-document-csp-list" style="color:initial">csp list</span>
     <li><span class="dfn-paneled" id="term-for-concept-settings-object-global" style="color:initial">global object <small>(for environment settings object)</small></span>
     <li><span class="dfn-paneled" id="term-for-dom-innertext" style="color:initial">innerText</span>
     <li><span class="dfn-paneled" id="term-for-prepare-a-script" style="color:initial">prepare a script</span>
     <li><span class="dfn-paneled" id="term-for-concept-global-object-realm" style="color:initial">realm</span>
     <li><span class="dfn-paneled" id="term-for-reflect" style="color:initial">reflect</span>
     <li><span class="dfn-paneled" id="term-for-concept-relevant-global" style="color:initial">relevant global object</span>
    </ul>
   <li>
    <a data-link-type="biblio">[INFRA]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-list-append" style="color:initial">append</span>
     <li><span class="dfn-paneled" id="term-for-ascii-case-insensitive" style="color:initial">ascii case-insensitive</span>
     <li><span class="dfn-paneled" id="term-for-ascii-lowercase" style="color:initial">ascii lowercase</span>
     <li><span class="dfn-paneled" id="term-for-string-concatenate" style="color:initial">concatenate</span>
     <li><span class="dfn-paneled" id="term-for-list-contain" style="color:initial">contain</span>
     <li><span class="dfn-paneled" id="term-for-html-namespace" style="color:initial">html namespace</span>
     <li><span class="dfn-paneled" id="term-for-ordered-set" style="color:initial">ordered set</span>
    </ul>
   <li>
    <a data-link-type="biblio">[SVG2]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-InterfaceSVGElement" style="color:initial">SVGElement</span>
     <li><span class="dfn-paneled" id="term-for-InterfaceSVGScriptElement" style="color:initial">SVGScriptElement</span>
    </ul>
   <li>
    <a data-link-type="biblio">[URL]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-concept-url-scheme" style="color:initial">scheme</span>
     <li><span class="dfn-paneled" id="term-for-concept-url-parser" style="color:initial">url parser</span>
     <li><span class="dfn-paneled" id="term-for-concept-url-serializer" style="color:initial">url serializer</span>
    </ul>
   <li>
    <a data-link-type="biblio">[WebIDL]</a> defines the following terms:
    <ul>
     <li><span class="dfn-paneled" id="term-for-idl-DOMString" style="color:initial">DOMString</span>
     <li><span class="dfn-paneled" id="term-for-exceptiondef-evalerror" style="color:initial">EvalError</span>
     <li><span class="dfn-paneled" id="term-for-Exposed" style="color:initial">Exposed</span>
     <li><span class="dfn-paneled" id="term-for-Function" style="color:initial">Function</span>
     <li><span class="dfn-paneled" id="term-for-NewObject" style="color:initial">NewObject</span>
     <li><span class="dfn-paneled" id="term-for-TreatNullAs" style="color:initial">TreatNullAs</span>
     <li><span class="dfn-paneled" id="term-for-exceptiondef-typeerror" style="color:initial">TypeError</span>
     <li><span class="dfn-paneled" id="term-for-idl-USVString" style="color:initial">USVString</span>
     <li><span class="dfn-paneled" id="term-for-Unforgeable" style="color:initial">Unforgeable</span>
     <li><span class="dfn-paneled" id="term-for-dfn-attribute" style="color:initial">attribute</span>
     <li><span class="dfn-paneled" id="term-for-idl-boolean" style="color:initial">boolean</span>
     <li><span class="dfn-paneled" id="term-for-dfn-extended-attribute" style="color:initial">extended attribute</span>
     <li><span class="dfn-paneled" id="term-for-include" style="color:initial">include</span>
     <li><span class="dfn-paneled" id="term-for-interface-mixin" style="color:initial">interface mixin</span>
     <li><span class="dfn-paneled" id="term-for-idl-long" style="color:initial">long</span>
     <li><span class="dfn-paneled" id="term-for-dfn-operation" style="color:initial">operation</span>
     <li><span class="dfn-paneled" id="term-for-dfn-read-only" style="color:initial">read only</span>
     <li><span class="dfn-paneled" id="term-for-dfn-xattr-identifier" style="color:initial">takes an identifier</span>
    </ul>
  </ul>
  <h2 class="no-num no-ref heading settled" id="references"><span class="content">References</span><a class="self-link" href="#references"></a></h2>
  <h3 class="no-num no-ref heading settled" id="normative"><span class="content">Normative References</span><a class="self-link" href="#normative"></a></h3>
  <dl>
   <dt id="biblio-csp3">[CSP3]
   <dd>Mike West. <a href="https://www.w3.org/TR/CSP3/">Content Security Policy Level 3</a>. 15 October 2018. WD. URL: <a href="https://www.w3.org/TR/CSP3/">https://www.w3.org/TR/CSP3/</a>
   <dt id="biblio-dom">[DOM]
   <dd>Anne van Kesteren. <a href="https://dom.spec.whatwg.org/">DOM Standard</a>. Living Standard. URL: <a href="https://dom.spec.whatwg.org/">https://dom.spec.whatwg.org/</a>
   <dt id="biblio-dom-parsing">[DOM-Parsing]
   <dd>Travis Leithead. <a href="https://www.w3.org/TR/DOM-Parsing/">DOM Parsing and Serialization</a>. 17 May 2016. WD. URL: <a href="https://www.w3.org/TR/DOM-Parsing/">https://www.w3.org/TR/DOM-Parsing/</a>
   <dt id="biblio-fetch">[Fetch]
   <dd>Anne van Kesteren. <a href="https://fetch.spec.whatwg.org/">Fetch Standard</a>. Living Standard. URL: <a href="https://fetch.spec.whatwg.org/">https://fetch.spec.whatwg.org/</a>
   <dt id="biblio-html">[HTML]
   <dd>Anne van Kesteren; et al. <a href="https://html.spec.whatwg.org/multipage/">HTML Standard</a>. Living Standard. URL: <a href="https://html.spec.whatwg.org/multipage/">https://html.spec.whatwg.org/multipage/</a>
   <dt id="biblio-infra">[INFRA]
   <dd>Anne van Kesteren; Domenic Denicola. <a href="https://infra.spec.whatwg.org/">Infra Standard</a>. Living Standard. URL: <a href="https://infra.spec.whatwg.org/">https://infra.spec.whatwg.org/</a>
   <dt id="biblio-rfc2119">[RFC2119]
   <dd>S. Bradner. <a href="https://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>. March 1997. Best Current Practice. URL: <a href="https://tools.ietf.org/html/rfc2119">https://tools.ietf.org/html/rfc2119</a>
   <dt id="biblio-svg2">[SVG2]
   <dd>Amelia Bellamy-Royds; et al. <a href="https://www.w3.org/TR/SVG2/">Scalable Vector Graphics (SVG) 2</a>. 4 October 2018. CR. URL: <a href="https://www.w3.org/TR/SVG2/">https://www.w3.org/TR/SVG2/</a>
   <dt id="biblio-url">[URL]
   <dd>Anne van Kesteren. <a href="https://url.spec.whatwg.org/">URL Standard</a>. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a>
   <dt id="biblio-webidl">[WebIDL]
   <dd>Boris Zbarsky. <a href="https://heycam.github.io/webidl/">Web IDL</a>. 15 December 2016. ED. URL: <a href="https://heycam.github.io/webidl/">https://heycam.github.io/webidl/</a>
  </dl>
  <h3 class="no-num no-ref heading settled" id="informative"><span class="content">Informative References</span><a class="self-link" href="#informative"></a></h3>
  <dl>
   <dt id="biblio-html-design-principles">[HTML-DESIGN-PRINCIPLES]
   <dd>Anne van Kesteren; Maciej Stachowiak. <a href="https://www.w3.org/TR/html-design-principles/">HTML Design Principles</a>. 26 November 2007. WD. URL: <a href="https://www.w3.org/TR/html-design-principles/">https://www.w3.org/TR/html-design-principles/</a>
   <dt id="biblio-html5">[HTML5]
   <dd>Ian Hickson; et al. <a href="https://www.w3.org/TR/html5/">HTML5</a>. 27 March 2018. REC. URL: <a href="https://www.w3.org/TR/html5/">https://www.w3.org/TR/html5/</a>
  </dl>
  <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">IDL Index</span><a class="self-link" href="#idl-index"></a></h2>
<pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed⑥"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <a href="#trustedhtml"><code><c- g>TrustedHTML</c-></code></a> {
  <a href="#TrustedHTML-stringification-behavior"><c- b>stringifier</c-></a>;
};

[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed①①"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <a href="#trustedscript"><code><c- g>TrustedScript</c-></code></a> {
  <a href="#TrustedScript-stringification-behavior"><c- b>stringifier</c-></a>;
};

[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed②①"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <a href="#trustedscripturl"><code><c- g>TrustedScriptURL</c-></code></a> {
  <a href="#TrustedScriptURL-stringification-behavior"><c- b>stringifier</c-></a>;
};

[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed③①"><c- g>Exposed</c-></a>=<c- n>Window</c->] <c- b>interface</c-> <a href="#trustedtypepolicyfactory"><code><c- g>TrustedTypePolicyFactory</c-></code></a> {
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①②"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy④①"><c- n>TrustedTypePolicy</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-createpolicy" id="ref-for-dom-trustedtypepolicyfactory-createpolicy②①"><c- g>createPolicy</c-></a>(
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②⑥"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-createpolicy-policyname-policyoptions-policyname"><code><c- g>policyName</c-></code></a>, <c- b>optional</c-> <a class="n" data-link-type="idl-name" href="#dictdef-trustedtypepolicyoptions" id="ref-for-dictdef-trustedtypepolicyoptions⑤"><c- n>TrustedTypePolicyOptions</c-></a> <a href="#dom-trustedtypepolicyfactory-createpolicy-policyname-policyoptions-policyoptions"><code><c- g>policyOptions</c-></code></a>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①③"><c- g>Unforgeable</c-></a>] <c- b>sequence</c->&lt;<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①①⓪"><c- b>DOMString</c-></a>> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-getpolicynames" id="ref-for-dom-trustedtypepolicyfactory-getpolicynames①"><c- g>getPolicyNames</c-></a>();
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable②①"><c- g>Unforgeable</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean③"><c- b>boolean</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-ishtml" id="ref-for-dom-trustedtypepolicyfactory-ishtml①"><c- g>isHTML</c-></a>(<c- b>any</c-> <a href="#dom-trustedtypepolicyfactory-ishtml-value-value"><code><c- g>value</c-></code></a>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable③①"><c- g>Unforgeable</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean①①"><c- b>boolean</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-isscript" id="ref-for-dom-trustedtypepolicyfactory-isscript①"><c- g>isScript</c-></a>(<c- b>any</c-> <a href="#dom-trustedtypepolicyfactory-isscript-value-value"><code><c- g>value</c-></code></a>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable④①"><c- g>Unforgeable</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-boolean" id="ref-for-idl-boolean②①"><c- b>boolean</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-isscripturl" id="ref-for-dom-trustedtypepolicyfactory-isscripturl①"><c- g>isScriptURL</c-></a>(<c- b>any</c-> <a href="#dom-trustedtypepolicyfactory-isscripturl-value-value"><code><c- g>value</c-></code></a>);
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑤①"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑧"><c- n>TrustedHTML</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="TrustedHTML" href="#dom-trustedtypepolicyfactory-emptyhtml" id="ref-for-dom-trustedtypepolicyfactory-emptyhtml①"><c- g>emptyHTML</c-></a>;
    [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑥①"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript①⑦"><c- n>TrustedScript</c-></a> <a class="idl-code" data-link-type="attribute" data-readonly data-type="TrustedScript" href="#dom-trustedtypepolicyfactory-emptyscript" id="ref-for-dom-trustedtypepolicyfactory-emptyscript①"><c- g>emptyScript</c-></a>;
    <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②⑤"><c- b>DOMString</c-></a>? <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-getattributetype" id="ref-for-dom-trustedtypepolicyfactory-getattributetype①"><c- g>getAttributeType</c-></a>(
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString③①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-tagname"><code><c- g>tagName</c-></code></a>,
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString④①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-attribute"><code><c- g>attribute</c-></code></a>,
        <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑤①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-elementns"><code><c- g>elementNs</c-></code></a> = "",
        <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑥①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getattributetype-tagname-attribute-elementns-attrns-attrns"><code><c- g>attrNs</c-></code></a> = "");
    <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑦①"><c- b>DOMString</c-></a>? <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicyfactory-getpropertytype" id="ref-for-dom-trustedtypepolicyfactory-getpropertytype①"><c- g>getPropertyType</c-></a>(
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑧①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-tagname"><code><c- g>tagName</c-></code></a>,
        <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString⑨①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-property"><code><c- g>property</c-></code></a>,
        <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⓪①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicyfactory-getpropertytype-tagname-property-elementns-elementns"><code><c- g>elementNs</c-></code></a> = "");
    <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#trustedtypepolicy" id="ref-for-trustedtypepolicy⑤①"><c- n>TrustedTypePolicy</c-></a>? <a class="idl-code" data-link-type="attribute" data-readonly data-type="TrustedTypePolicy?" href="#dom-trustedtypepolicyfactory-defaultpolicy" id="ref-for-dom-trustedtypepolicyfactory-defaultpolicy①"><c- g>defaultPolicy</c-></a>;
};

[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed④①"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <a href="#trustedtypepolicy"><code><c- g>TrustedTypePolicy</c-></code></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑦①"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①①①"><c- b>DOMString</c-></a> <a data-readonly data-type="DOMString" href="#dom-trustedtypepolicy-name"><code><c- g>name</c-></code></a>;
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑧①"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑤①"><c- n>TrustedHTML</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicy-createhtml" id="ref-for-dom-trustedtypepolicy-createhtml①①"><c- g>createHTML</c-></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①②①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicy-createhtml-input-arguments-input"><code><c- g>input</c-></code></a>, <c- b>any</c->... <a href="#dom-trustedtypepolicy-createhtml-input-arguments-arguments"><code><c- g>arguments</c-></code></a>);
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable⑨①"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript④①"><c- n>TrustedScript</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicy-createscript" id="ref-for-dom-trustedtypepolicy-createscript①①"><c- g>createScript</c-></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①③①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicy-createscript-input-arguments-input"><code><c- g>input</c-></code></a>, <c- b>any</c->... <a href="#dom-trustedtypepolicy-createscript-input-arguments-arguments"><code><c- g>arguments</c-></code></a>);
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①⓪①"><c- g>Unforgeable</c-></a>] <a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl①②"><c- n>TrustedScriptURL</c-></a> <a class="idl-code" data-link-type="method" href="#dom-trustedtypepolicy-createscripturl" id="ref-for-dom-trustedtypepolicy-createscripturl①①"><c- g>createScriptURL</c-></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①④①"><c- b>DOMString</c-></a> <a href="#dom-trustedtypepolicy-createscripturl-input-arguments-input"><code><c- g>input</c-></code></a>, <c- b>any</c->... <a href="#dom-trustedtypepolicy-createscripturl-input-arguments-arguments"><code><c- g>arguments</c-></code></a>);
};

<c- b>dictionary</c-> <a href="#dictdef-trustedtypepolicyoptions"><code><c- g>TrustedTypePolicyOptions</c-></code></a> {
   <a class="n" data-link-type="idl-name" href="#callbackdef-createhtmlcallback" id="ref-for-callbackdef-createhtmlcallback①"><c- n>CreateHTMLCallback</c-></a>? <a data-type="CreateHTMLCallback? " href="#dom-trustedtypepolicyoptions-createhtml"><code><c- g>createHTML</c-></code></a>;
   <a class="n" data-link-type="idl-name" href="#callbackdef-createscriptcallback" id="ref-for-callbackdef-createscriptcallback①"><c- n>CreateScriptCallback</c-></a>? <a data-type="CreateScriptCallback? " href="#dom-trustedtypepolicyoptions-createscript"><code><c- g>createScript</c-></code></a>;
   <a class="n" data-link-type="idl-name" href="#callbackdef-createscripturlcallback" id="ref-for-callbackdef-createscripturlcallback①"><c- n>CreateScriptURLCallback</c-></a>? <a data-type="CreateScriptURLCallback? " href="#dom-trustedtypepolicyoptions-createscripturl"><code><c- g>createScriptURL</c-></code></a>;
};
<c- b>callback</c-> <a href="#callbackdef-createhtmlcallback"><code><c- g>CreateHTMLCallback</c-></code></a> = <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑤①"><c- b>DOMString</c-></a> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑥①"><c- b>DOMString</c-></a> <a href="#dom-createhtmlcallback-input"><code><c- g>input</c-></code></a>, <c- b>any</c->... <a href="#dom-createhtmlcallback-arguments"><code><c- g>arguments</c-></code></a>);
<c- b>callback</c-> <a href="#callbackdef-createscriptcallback"><code><c- g>CreateScriptCallback</c-></code></a> = <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑦①"><c- b>DOMString</c-></a> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑧①"><c- b>DOMString</c-></a> <a href="#dom-createscriptcallback-input"><code><c- g>input</c-></code></a>, <c- b>any</c->... <a href="#dom-createscriptcallback-arguments"><code><c- g>arguments</c-></code></a>);
<c- b>callback</c-> <a href="#callbackdef-createscripturlcallback"><code><c- g>CreateScriptURLCallback</c-></code></a> = <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString②"><c- b>USVString</c-></a> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString①⑨①"><c- b>DOMString</c-></a> <a href="#dom-createscripturlcallback-input"><code><c- g>input</c-></code></a>, <c- b>any</c->... <a href="#dom-createscripturlcallback-arguments"><code><c- g>arguments</c-></code></a>);

<c- b>typedef</c-> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②⓪①"><c- b>DOMString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑦①"><c- n>TrustedHTML</c-></a>) <a href="#typedefdef-htmlstring"><code><c- g>HTMLString</c-></code></a>;
<c- b>typedef</c-> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②①①"><c- b>DOMString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑥①"><c- n>TrustedScript</c-></a>) <a href="#typedefdef-scriptstring"><code><c- g>ScriptString</c-></code></a>;
<c- b>typedef</c-> (<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-USVString" id="ref-for-idl-USVString①①"><c- b>USVString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑤①"><c- n>TrustedScriptURL</c-></a>) <a href="#typedefdef-scripturlstring"><code><c- g>ScriptURLString</c-></code></a>;
<c- b>typedef</c-> (<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑧①"><c- n>TrustedHTML</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑦①"><c- n>TrustedScript</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑥①"><c- n>TrustedScriptURL</c-></a>) <a href="#typedefdef-trustedtype"><code><c- g>TrustedType</c-></code></a>;

<c- b>typedef</c-> (([<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#TreatNullAs" id="ref-for-TreatNullAs②"><c- g>TreatNullAs</c-></a>=<a class="n" data-link-type="idl-name"><c- n>EmptyString</c-></a>] <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②②①"><c- b>DOMString</c-></a>) <c- b>or</c-> <a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml⑨①"><c- n>TrustedHTML</c-></a>) <a href="#typedefdef-htmlstringdefaultsempty"><code><c- g>HTMLStringDefaultsEmpty</c-></code></a>;

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window③①"><c- g>Window</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Unforgeable" id="ref-for-Unforgeable①①①"><c- g>Unforgeable</c-></a>] <c- b>readonly</c-> <c- b>attribute</c->
      <a class="n" data-link-type="idl-name" href="#trustedtypepolicyfactory" id="ref-for-trustedtypepolicyfactory②①"><c- n>TrustedTypePolicyFactory</c-></a> <a data-readonly data-type="TrustedTypePolicyFactory" href="#dom-window-trustedtypes"><code><c- g>trustedTypes</c-></code></a>;
};

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#document" id="ref-for-document④①"><c- g>Document</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①④"><c- g>CEReactions</c-></a>] <c- b>void</c-> <a href="#dom-document-write"><code><c- g>write</c-></code></a>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑦①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⓪①"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring⑥"><c- n>HTMLString</c-></a>... <a href="#dom-document-write-text-text"><code><c- g>text</c-></code></a>);
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①⑤"><c- g>CEReactions</c-></a>] <c- b>void</c-> <a href="#dom-document-writeln"><code><c- g>writeln</c-></code></a>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes⑧①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①①①"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring①①"><c- n>HTMLString</c-></a>... <a href="#dom-document-writeln-text-text"><code><c- g>text</c-></code></a>);
};

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/scripting.html#htmlscriptelement" id="ref-for-htmlscriptelement②①"><c- g>HTMLScriptElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement④"><c- n>HTMLElement</c-></a> {
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions②①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①②①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑧①"><c- n>TrustedScript</c-></a>] <c- b>attribute</c-> [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#TreatNullAs" id="ref-for-TreatNullAs①①"><c- g>TreatNullAs</c-></a>=<a class="n" data-link-type="idl-name"><c- n>EmptyString</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring④"><c- n>ScriptString</c-></a> <a data-type="[TreatNullAs=EmptyString] ScriptString" href="#dom-htmlscriptelement-innertext"><code><c- g>innerText</c-></code></a>;
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions③①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①③①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript⑨①"><c- n>TrustedScript</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring①①"><c- n>ScriptString</c-></a>? <a data-type="ScriptString?" href="#dom-htmlscriptelement-textcontent"><code><c- g>textContent</c-></code></a>;
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions④①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①④①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑦①"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring④"><c- n>ScriptURLString</c-></a> <a data-type="ScriptURLString" href="#dom-htmlscriptelement-src"><code><c- g>src</c-></code></a>;
 [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑤①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑤①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscript" id="ref-for-trustedscript①⓪①"><c- n>TrustedScript</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring②①"><c- n>ScriptString</c-></a> <a data-type="ScriptString" href="#dom-htmlscriptelement-text"><code><c- g>text</c-></code></a>;
};

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmliframeelement" id="ref-for-htmliframeelement①"><c- g>HTMLIFrameElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement①①"><c- n>HTMLElement</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑥①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑥①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①②①"><c- n>TrustedHTML</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring②①"><c- n>HTMLString</c-></a> <a data-type="HTMLString" href="#dom-htmliframeelement-srcdoc"><code><c- g>srcdoc</c-></code></a>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlembedelement" id="ref-for-htmlembedelement①"><c- g>HTMLEmbedElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement②①"><c- n>HTMLElement</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑦①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑦①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑧①"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring①①"><c- n>ScriptURLString</c-></a> <a data-type="ScriptURLString" href="#dom-htmlembedelement-src"><code><c- g>src</c-></code></a>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlobjectelement" id="ref-for-htmlobjectelement①"><c- g>HTMLObjectElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://html.spec.whatwg.org/multipage/dom.html#htmlelement" id="ref-for-htmlelement③①"><c- n>HTMLElement</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑧①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑧①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl⑨①"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring②①"><c- n>ScriptURLString</c-></a> <a data-type="ScriptURLString" href="#dom-htmlobjectelement-data"><code><c- g>data</c-></code></a>;
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions⑨①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes①⑨①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl①⓪①"><c- n>TrustedScriptURL</c-></a>] <c- b>attribute</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②③①"><c- b>DOMString</c-></a> <a data-type="DOMString" href="#dom-htmlobjectelement-codebase"><code><c- g>codeBase</c-></code></a>; // obsolete
};

<c- b>typedef</c-> (<a class="n" data-link-type="idl-name" href="#typedefdef-scriptstring" id="ref-for-typedefdef-scriptstring③①"><c- n>ScriptString</c-></a> <c- b>or</c-> <a class="n" data-link-type="idl-name" href="https://heycam.github.io/webidl/#Function" id="ref-for-Function③"><c- n>Function</c-></a>) <a href="#typedefdef-trustedtimerhandler"><code><c- g>TrustedTimerHandler</c-></code></a>;

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope" id="ref-for-windoworworkerglobalscope①①"><c- g>WindowOrWorkerGlobalScope</c-></a> {
  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long④"><c- b>long</c-></a> <a href="#dom-windoworworkerglobalscope-settimeout"><code><c- g>setTimeout</c-></code></a>(<a class="n" data-link-type="idl-name" href="#typedefdef-trustedtimerhandler" id="ref-for-typedefdef-trustedtimerhandler②"><c- n>TrustedTimerHandler</c-></a> <a href="#dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-handler"><code><c- g>handler</c-></code></a>, <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long①①"><c- b>long</c-></a> <a href="#dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-timeout"><code><c- g>timeout</c-></code></a> = 0, <c- b>any</c->... <a href="#dom-windoworworkerglobalscope-settimeout-handler-timeout-arguments-arguments"><code><c- g>arguments</c-></code></a>);
  <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long②①"><c- b>long</c-></a> <a href="#dom-windoworworkerglobalscope-setinterval"><code><c- g>setInterval</c-></code></a>(<a class="n" data-link-type="idl-name" href="#typedefdef-trustedtimerhandler" id="ref-for-typedefdef-trustedtimerhandler①①"><c- n>TrustedTimerHandler</c-></a> <a href="#dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-handler"><code><c- g>handler</c-></code></a>, <c- b>optional</c-> <a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-long" id="ref-for-idl-long③①"><c- b>long</c-></a> <a href="#dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-timeout"><code><c- g>timeout</c-></code></a> = 0, <c- b>any</c->... <a href="#dom-windoworworkerglobalscope-setinterval-handler-timeout-arguments-arguments"><code><c- g>arguments</c-></code></a>);
};

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface" href="https://svgwg.org/svg2-draft/interact.html#InterfaceSVGScriptElement" id="ref-for-InterfaceSVGScriptElement①①"><c- g>SVGScriptElement</c-></a> : <a class="n" data-link-type="idl-name" href="https://svgwg.org/svg2-draft/types.html#InterfaceSVGElement" id="ref-for-InterfaceSVGElement①"><c- n>SVGElement</c-></a> {
 // overwrites the definition in SVGURIReference.
 [<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②⓪①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedscripturl" id="ref-for-trustedscripturl①①①"><c- n>TrustedScriptURL</c-></a>] <c- b>readonly</c-> <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-scripturlstring" id="ref-for-typedefdef-scripturlstring③①"><c- n>ScriptURLString</c-></a> <a data-readonly data-type="ScriptURLString" href="#dom-svgscriptelement-href"><code><c- g>href</c-></code></a>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#element" id="ref-for-element⑦①"><c- g>Element</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①⓪①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②①①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①③①"><c- n>TrustedHTML</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstringdefaultsempty" id="ref-for-typedefdef-htmlstringdefaultsempty①①"><c- n>HTMLStringDefaultsEmpty</c-></a> <a data-type="HTMLStringDefaultsEmpty" href="#dom-element-outerhtml"><code><c- g>outerHTML</c-></code></a>;
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①①①"><c- g>CEReactions</c-></a>] <c- b>void</c-> <a href="#dom-element-insertadjacenthtml"><code><c- g>insertAdjacentHTML</c-></code></a>(<a class="idl-code" data-link-type="interface" href="https://heycam.github.io/webidl/#idl-DOMString" id="ref-for-idl-DOMString②④①"><c- b>DOMString</c-></a> <a href="#dom-element-insertadjacenthtml-position-text-position"><code><c- g>position</c-></code></a>, [<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②②①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①④①"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring③①"><c- n>HTMLString</c-></a> <a href="#dom-element-insertadjacenthtml-position-text-text"><code><c- g>text</c-></code></a>);
};

<c- b>partial</c-> <c- b>interface</c-> <c- b>mixin</c-> <a class="idl-code" data-link-type="interface"><c- g>InnerHTML</c-></a> { // specified in a draft version at https://w3c.github.io/DOM-Parsing/#the-innerhtml-mixin
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①②①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②③①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑤①"><c- n>TrustedHTML</c-></a>] <c- b>attribute</c-> <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstringdefaultsempty" id="ref-for-typedefdef-htmlstringdefaultsempty②①"><c- n>HTMLStringDefaultsEmpty</c-></a> <a data-type="HTMLStringDefaultsEmpty" href="#dom-innerhtml-innerhtml"><code><c- g>innerHTML</c-></code></a>;
};

<c- b>partial</c-> <c- b>interface</c-> <a class="idl-code" data-link-type="interface" href="https://dom.spec.whatwg.org/#range" id="ref-for-range①"><c- g>Range</c-></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://html.spec.whatwg.org/multipage/custom-elements.html#cereactions" id="ref-for-cereactions①③①"><c- g>CEReactions</c-></a>, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#NewObject" id="ref-for-NewObject②"><c- g>NewObject</c-></a>] <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#documentfragment" id="ref-for-documentfragment①"><c- n>DocumentFragment</c-></a> <a href="#dom-range-createcontextualfragment"><code><c- g>createContextualFragment</c-></code></a>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②④①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑥①"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring④①"><c- n>HTMLString</c-></a> <a href="#dom-range-createcontextualfragment-fragment-fragment"><code><c- g>fragment</c-></code></a>);
};

[<a href="#dom-domparser-domparser"><code><c- g>Constructor</c-></code></a>, <a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#Exposed" id="ref-for-Exposed⑤①"><c- g>Exposed</c-></a>=<c- n>Window</c->]
<c- b>interface</c-> <a href="#domparser"><code><c- g>DOMParser</c-></code></a> {
  [<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#NewObject" id="ref-for-NewObject①①"><c- g>NewObject</c-></a>] <a class="n" data-link-type="idl-name" href="https://dom.spec.whatwg.org/#document" id="ref-for-document⑤①"><c- n>Document</c-></a> <a href="#dom-domparser-parsefromstring"><code><c- g>parseFromString</c-></code></a>([<a class="idl-code" data-link-type="extended-attribute" href="#extendedattrdef-trustedtypes" id="ref-for-extendedattrdef-trustedtypes②⑤①"><c- g>TrustedTypes</c-></a>=<a class="n" data-link-type="idl-name" href="#trustedhtml" id="ref-for-trustedhtml①⑦①"><c- n>TrustedHTML</c-></a>] <a class="n" data-link-type="idl-name" href="#typedefdef-htmlstring" id="ref-for-typedefdef-htmlstring⑤①"><c- n>HTMLString</c-></a> <a href="#dom-domparser-parsefromstring-str-type-str"><code><c- g>str</c-></code></a>, <a class="n" data-link-type="idl-name" href="https://www.w3.org/TR/DOM-Parsing/#h-the-domparser-interface" id="ref-for-h-the-domparser-interface①"><c- n>SupportedType</c-></a> <a href="#dom-domparser-parsefromstring-str-type-type"><code><c- g>type</c-></code></a>);
};

</pre>
  <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
  <div style="counter-reset:issue">
   <div class="issue"> Update when workers have TT.<a href="#issue-b92c7a17"> ↵ </a></div>
   <div class="issue"> Remove hardcoding 'script' when new sink groups are specified.<a href="#issue-adaa63a4"> ↵ </a></div>
   <div class="issue"> Update when workers have TT.<a href="#issue-b92c7a17①"> ↵ </a></div>
   <div class="issue"> Remove hardcoding 'script' when new sink types are specified.<a href="#issue-672bcf0f"> ↵ </a></div>
   <div class="issue"> Synchronize when TT are added to workers (perhaps use "has a CSP list"?)<a href="#issue-74c24ff1"> ↵ </a></div>
   <div class="issue"> <a href="https://heycam.github.io/webidl/#TreatNullAs">TreatNullAs=EmptyString</a> is confusing.
See note "It should not be used in specifications unless ...".
For some sinks a <code>null</code> value will result in "", and "null" for others.
This already caused problems in the polyfill. <a href="https://github.com/w3c/webappsec-trusted-types/issues/2">&lt;https://github.com/w3c/webappsec-trusted-types/issues/2></a><a href="#issue-52d7d8d6"> ↵ </a></div>
   <div class="issue"> Define for workers.<a href="#issue-a5679137"> ↵ </a></div>
   <div class="issue"> Remove the note when the API in Chrome is shipped.<a href="#issue-3d9ee9e6"> ↵ </a></div>
   <div class="issue"> Figure out what to do with script.setAttribute('src'). See <a href="https://github.com/whatwg/dom/issues/789">DOM#789</a>.<a href="#issue-62c0f2c6"> ↵ </a></div>
   <div class="issue"> Add base.href enforcement.<a href="#issue-13577559"> ↵ </a></div>
   <div class="issue"> Remove when <a href="https://github.com/whatwg/dom/pull/809">DOM #809</a> is merged.<a href="#issue-52c8f9b0"> ↵ </a></div>
   <div class="issue"> This depends on a solution to <a href="https://github.com/w3c/webappsec-trusted-types/issues/144">issue #144</a> like <a href="https://github.com/tc39-transfer/dynamic-code-brand-checks#problem-host-callout-does-not-receive-type-information">TC39 HostBeforeCompile</a><a href="#issue-e28ea232"> ↵ </a></div>
   <div class="issue"> In some cases, the violation "<code>'report-sample'</code>" contain the result of
applying the default policy to a string argument which differs.
Specifically when, there is a <a data-link-type="dfn" href="#default-policy">default policy</a>, <var>isExempt</var> is false,
and <var>source</var> there is a CSP policy for either the <var>callerRealm</var> or <var>callerRealm</var> that disallows "<code>'unsafe-eval'"</code>.
Is this a feature or a bug?<a href="#issue-649f8da4"> ↵ </a></div>
   <div class="issue"> Refer to the external document on secure policy design.<a href="#issue-2eb927d2"> ↵ </a></div>
  </div>
  <aside class="dfn-panel" data-for="injection-sink">
   <b><a href="#injection-sink">#injection-sink</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-injection-sink">1. Introduction</a>
    <li><a href="#ref-for-injection-sink①">2.1. Injection sinks</a>
    <li><a href="#ref-for-injection-sink②">2.1.1. HTML injection sinks</a>
    <li><a href="#ref-for-injection-sink③">2.1.2. DOM XSS injection sinks</a>
    <li><a href="#ref-for-injection-sink④">2.2. Trusted Types</a>
    <li><a href="#ref-for-injection-sink⑤">2.2.1. TrustedHTML</a>
    <li><a href="#ref-for-injection-sink⑥">2.2.2. TrustedScript</a>
    <li><a href="#ref-for-injection-sink⑦">2.2.3. TrustedScriptURL</a>
    <li><a href="#ref-for-injection-sink⑧">2.3. Policies</a> <a href="#ref-for-injection-sink⑨">(2)</a> <a href="#ref-for-injection-sink①⓪">(3)</a> <a href="#ref-for-injection-sink①①">(4)</a>
    <li><a href="#ref-for-injection-sink①②">2.3.4. Default policy</a> <a href="#ref-for-injection-sink①③">(2)</a>
    <li><a href="#ref-for-injection-sink①④">2.4. Enforcement</a> <a href="#ref-for-injection-sink①⑤">(2)</a> <a href="#ref-for-injection-sink①⑥">(3)</a>
    <li><a href="#ref-for-injection-sink①⑦">2.4.1. Content Security Policy</a>
    <li><a href="#ref-for-injection-sink①⑧">2.4.2. TrustedTypes extended attribute</a>
    <li><a href="#ref-for-injection-sink①⑨">3.3. Get Trusted Type compliant string</a>
    <li><a href="#ref-for-injection-sink②⓪">3.4. Process value with a default policy</a>
    <li><a href="#ref-for-injection-sink②①">4.5.1. require-trusted-types-for directive</a> <a href="#ref-for-injection-sink②②">(2)</a>
    <li><a href="#ref-for-injection-sink②③">4.5.2. trusted-types directive</a> <a href="#ref-for-injection-sink②④">(2)</a>
    <li><a href="#ref-for-injection-sink②⑤">4.5.3. Should sink type mismatch violation be blocked by Content Security Policy?</a>
    <li><a href="#ref-for-injection-sink②⑥">5. Security Considerations</a>
    <li><a href="#ref-for-injection-sink②⑦">5.3. Best practices for policy design</a> <a href="#ref-for-injection-sink②⑧">(2)</a>
    <li><a href="#ref-for-injection-sink②⑨">6.1. Vendor-specific Extensions and Addons</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trusted-type">
   <b><a href="#trusted-type">#trusted-type</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trusted-type">2.3. Policies</a>
    <li><a href="#ref-for-trusted-type①">2.3.1. TrustedTypePolicyFactory</a>
    <li><a href="#ref-for-trusted-type②">2.3.3. TrustedTypePolicyOptions</a>
    <li><a href="#ref-for-trusted-type③">2.4. Enforcement</a>
    <li><a href="#ref-for-trusted-type④">3.3. Get Trusted Type compliant string</a>
    <li><a href="#ref-for-trusted-type⑤">4.5.3. Should sink type mismatch violation be blocked by Content Security Policy?</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trustedhtml">
   <b><a href="#trustedhtml">#trustedhtml</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trustedhtml">2.3. Policies</a>
    <li><a href="#ref-for-trustedhtml①">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-trustedhtml②">(2)</a> <a href="#ref-for-trustedhtml③">(3)</a> <a href="#ref-for-trustedhtml④">(4)</a>
    <li><a href="#ref-for-trustedhtml⑤">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-trustedhtml⑥">2.4.2. TrustedTypes extended attribute</a>
    <li><a href="#ref-for-trustedhtml⑦">4. Integrations</a> <a href="#ref-for-trustedhtml⑧">(2)</a> <a href="#ref-for-trustedhtml⑨">(3)</a>
    <li><a href="#ref-for-trustedhtml①⓪">4.1.2. Extensions to the Document interface</a> <a href="#ref-for-trustedhtml①①">(2)</a>
    <li><a href="#ref-for-trustedhtml①②">4.1.4. Enforcement in element attributes</a>
    <li><a href="#ref-for-trustedhtml①③">4.4. Integration with DOM Parsing</a> <a href="#ref-for-trustedhtml①④">(2)</a> <a href="#ref-for-trustedhtml①⑤">(3)</a> <a href="#ref-for-trustedhtml①⑥">(4)</a> <a href="#ref-for-trustedhtml①⑦">(5)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trustedscript">
   <b><a href="#trustedscript">#trustedscript</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trustedscript">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-trustedscript①">(2)</a> <a href="#ref-for-trustedscript②">(3)</a> <a href="#ref-for-trustedscript③">(4)</a>
    <li><a href="#ref-for-trustedscript④">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-trustedscript⑤">2.4.2. TrustedTypes extended attribute</a>
    <li><a href="#ref-for-trustedscript⑥">4. Integrations</a> <a href="#ref-for-trustedscript⑦">(2)</a>
    <li><a href="#ref-for-trustedscript⑧">4.1.3.2. Setting slot values</a> <a href="#ref-for-trustedscript⑨">(2)</a> <a href="#ref-for-trustedscript①⓪">(3)</a>
    <li><a href="#ref-for-trustedscript①①">4.1.5. Enforcement in timer functions</a> <a href="#ref-for-trustedscript①②">(2)</a>
    <li><a href="#ref-for-trustedscript①③">4.1.6. Enforcement in event handler content attributes</a>
    <li><a href="#ref-for-trustedscript①④">4.5.1.1. require-trusted-types-for Pre-Navigation check</a> <a href="#ref-for-trustedscript①⑤">(2)</a>
    <li><a href="#ref-for-trustedscript①⑥">4.5.6. Support for eval(TrustedScript)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trustedscripturl">
   <b><a href="#trustedscripturl">#trustedscripturl</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trustedscripturl">2.3.1. TrustedTypePolicyFactory</a>
    <li><a href="#ref-for-trustedscripturl①">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-trustedscripturl②">2.4.2. TrustedTypes extended attribute</a>
    <li><a href="#ref-for-trustedscripturl③">3.5. Prepare the script URL and text</a> <a href="#ref-for-trustedscripturl④">(2)</a>
    <li><a href="#ref-for-trustedscripturl⑤">4. Integrations</a> <a href="#ref-for-trustedscripturl⑥">(2)</a>
    <li><a href="#ref-for-trustedscripturl⑦">4.1.3.2. Setting slot values</a>
    <li><a href="#ref-for-trustedscripturl⑧">4.1.4. Enforcement in element attributes</a> <a href="#ref-for-trustedscripturl⑨">(2)</a> <a href="#ref-for-trustedscripturl①⓪">(3)</a>
    <li><a href="#ref-for-trustedscripturl①①">4.2. Integration with SVG</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="policies">
   <b><a href="#policies">#policies</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-policies">1. Introduction</a>
    <li><a href="#ref-for-policies①">1.3. Use cases</a>
    <li><a href="#ref-for-policies②">2.3. Policies</a>
    <li><a href="#ref-for-policies③">2.4. Enforcement</a>
    <li><a href="#ref-for-policies④">2.4.1. Content Security Policy</a>
    <li><a href="#ref-for-policies⑤">4.5.2. trusted-types directive</a>
    <li><a href="#ref-for-policies⑥">5.3. Best practices for policy design</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trustedtypepolicyfactory">
   <b><a href="#trustedtypepolicyfactory">#trustedtypepolicyfactory</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trustedtypepolicyfactory">3.1. Create a Trusted Type Policy</a>
    <li><a href="#ref-for-trustedtypepolicyfactory①">4.1. Integration with HTML</a>
    <li><a href="#ref-for-trustedtypepolicyfactory②">4.1.1. Extensions to the Window interface</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-createpolicy">
   <b><a href="#dom-trustedtypepolicyfactory-createpolicy">#dom-trustedtypepolicyfactory-createpolicy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-createpolicy">2.3. Policies</a> <a href="#ref-for-dom-trustedtypepolicyfactory-createpolicy①">(2)</a>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-createpolicy②">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-getpolicynames">
   <b><a href="#dom-trustedtypepolicyfactory-getpolicynames">#dom-trustedtypepolicyfactory-getpolicynames</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-getpolicynames">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-ishtml">
   <b><a href="#dom-trustedtypepolicyfactory-ishtml">#dom-trustedtypepolicyfactory-ishtml</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-ishtml">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-isscript">
   <b><a href="#dom-trustedtypepolicyfactory-isscript">#dom-trustedtypepolicyfactory-isscript</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-isscript">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-isscripturl">
   <b><a href="#dom-trustedtypepolicyfactory-isscripturl">#dom-trustedtypepolicyfactory-isscripturl</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-isscripturl">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-getpropertytype">
   <b><a href="#dom-trustedtypepolicyfactory-getpropertytype">#dom-trustedtypepolicyfactory-getpropertytype</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-getpropertytype">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-getattributetype">
   <b><a href="#dom-trustedtypepolicyfactory-getattributetype">#dom-trustedtypepolicyfactory-getattributetype</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-getattributetype">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-emptyhtml">
   <b><a href="#dom-trustedtypepolicyfactory-emptyhtml">#dom-trustedtypepolicyfactory-emptyhtml</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-emptyhtml">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-emptyscript">
   <b><a href="#dom-trustedtypepolicyfactory-emptyscript">#dom-trustedtypepolicyfactory-emptyscript</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-emptyscript">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyfactory-defaultpolicy">
   <b><a href="#dom-trustedtypepolicyfactory-defaultpolicy">#dom-trustedtypepolicyfactory-defaultpolicy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyfactory-defaultpolicy">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trustedtypepolicy">
   <b><a href="#trustedtypepolicy">#trustedtypepolicy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trustedtypepolicy">2.2.1. TrustedHTML</a>
    <li><a href="#ref-for-trustedtypepolicy①">2.2.2. TrustedScript</a>
    <li><a href="#ref-for-trustedtypepolicy②">2.2.3. TrustedScriptURL</a>
    <li><a href="#ref-for-trustedtypepolicy③">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-trustedtypepolicy④">(2)</a> <a href="#ref-for-trustedtypepolicy⑤">(3)</a> <a href="#ref-for-trustedtypepolicy⑥">(4)</a> <a href="#ref-for-trustedtypepolicy⑦">(5)</a>
    <li><a href="#ref-for-trustedtypepolicy⑧">2.3.3. TrustedTypePolicyOptions</a>
    <li><a href="#ref-for-trustedtypepolicy⑨">3.1. Create a Trusted Type Policy</a> <a href="#ref-for-trustedtypepolicy①⓪">(2)</a>
    <li><a href="#ref-for-trustedtypepolicy①①">3.2. Create a Trusted Type</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trustedtypepolicy-name">
   <b><a href="#trustedtypepolicy-name">#trustedtypepolicy-name</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trustedtypepolicy-name">2.3.4. Default policy</a>
    <li><a href="#ref-for-trustedtypepolicy-name①">3.2. Create a Trusted Type</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicy-createhtml">
   <b><a href="#dom-trustedtypepolicy-createhtml">#dom-trustedtypepolicy-createhtml</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicy-createhtml">2.2.1. TrustedHTML</a>
    <li><a href="#ref-for-dom-trustedtypepolicy-createhtml①">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-dom-trustedtypepolicy-createhtml②">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicy-createscript">
   <b><a href="#dom-trustedtypepolicy-createscript">#dom-trustedtypepolicy-createscript</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicy-createscript">2.2.2. TrustedScript</a>
    <li><a href="#ref-for-dom-trustedtypepolicy-createscript①">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-dom-trustedtypepolicy-createscript②">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicy-createscripturl">
   <b><a href="#dom-trustedtypepolicy-createscripturl">#dom-trustedtypepolicy-createscripturl</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicy-createscripturl">2.2.3. TrustedScriptURL</a>
    <li><a href="#ref-for-dom-trustedtypepolicy-createscripturl①">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-dom-trustedtypepolicy-createscripturl②">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dictdef-trustedtypepolicyoptions">
   <b><a href="#dictdef-trustedtypepolicyoptions">#dictdef-trustedtypepolicyoptions</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dictdef-trustedtypepolicyoptions">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-dictdef-trustedtypepolicyoptions①">(2)</a>
    <li><a href="#ref-for-dictdef-trustedtypepolicyoptions②">2.3.2. TrustedTypePolicy</a>
    <li><a href="#ref-for-dictdef-trustedtypepolicyoptions③">3.1. Create a Trusted Type Policy</a> <a href="#ref-for-dictdef-trustedtypepolicyoptions④">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyoptions-createhtml">
   <b><a href="#dom-trustedtypepolicyoptions-createhtml">#dom-trustedtypepolicyoptions-createhtml</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyoptions-createhtml">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyoptions-createscript">
   <b><a href="#dom-trustedtypepolicyoptions-createscript">#dom-trustedtypepolicyoptions-createscript</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyoptions-createscript">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-trustedtypepolicyoptions-createscripturl">
   <b><a href="#dom-trustedtypepolicyoptions-createscripturl">#dom-trustedtypepolicyoptions-createscripturl</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-trustedtypepolicyoptions-createscripturl">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="callbackdef-createhtmlcallback">
   <b><a href="#callbackdef-createhtmlcallback">#callbackdef-createhtmlcallback</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-callbackdef-createhtmlcallback">2.3.3. TrustedTypePolicyOptions</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="callbackdef-createscriptcallback">
   <b><a href="#callbackdef-createscriptcallback">#callbackdef-createscriptcallback</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-callbackdef-createscriptcallback">2.3.3. TrustedTypePolicyOptions</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="callbackdef-createscripturlcallback">
   <b><a href="#callbackdef-createscripturlcallback">#callbackdef-createscripturlcallback</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-callbackdef-createscripturlcallback">2.3.3. TrustedTypePolicyOptions</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="default-policy">
   <b><a href="#default-policy">#default-policy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-default-policy">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
    <li><a href="#ref-for-default-policy①">4.5.2. trusted-types directive</a>
    <li><a href="#ref-for-default-policy②">4.5.6. Support for eval(TrustedScript)</a> <a href="#ref-for-default-policy③">(2)</a>
    <li><a href="#ref-for-default-policy④">6.1. Vendor-specific Extensions and Addons</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="enforcement">
   <b><a href="#enforcement">#enforcement</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-enforcement">1.3. Use cases</a>
    <li><a href="#ref-for-enforcement①">2.1. Injection sinks</a>
    <li><a href="#ref-for-enforcement②">2.1.1. HTML injection sinks</a>
    <li><a href="#ref-for-enforcement③">2.3. Policies</a> <a href="#ref-for-enforcement④">(2)</a>
    <li><a href="#ref-for-enforcement⑤">2.3.4. Default policy</a>
    <li><a href="#ref-for-enforcement⑥">3.3. Get Trusted Type compliant string</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="extendedattrdef-trustedtypes">
   <b><a href="#extendedattrdef-trustedtypes">#extendedattrdef-trustedtypes</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-extendedattrdef-trustedtypes">2.3.1. TrustedTypePolicyFactory</a> <a href="#ref-for-extendedattrdef-trustedtypes①">(2)</a> <a href="#ref-for-extendedattrdef-trustedtypes②">(3)</a> <a href="#ref-for-extendedattrdef-trustedtypes③">(4)</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes④">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-extendedattrdef-trustedtypes⑤">(2)</a> <a href="#ref-for-extendedattrdef-trustedtypes⑥">(3)</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes⑦">4.1.2. Extensions to the Document interface</a> <a href="#ref-for-extendedattrdef-trustedtypes⑧">(2)</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes⑨">4.1.3.1. Slots with trusted values</a> <a href="#ref-for-extendedattrdef-trustedtypes①⓪">(2)</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes①①">4.1.3.2. Setting slot values</a> <a href="#ref-for-extendedattrdef-trustedtypes①②">(2)</a> <a href="#ref-for-extendedattrdef-trustedtypes①③">(3)</a> <a href="#ref-for-extendedattrdef-trustedtypes①④">(4)</a> <a href="#ref-for-extendedattrdef-trustedtypes①⑤">(5)</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes①⑥">4.1.4. Enforcement in element attributes</a> <a href="#ref-for-extendedattrdef-trustedtypes①⑦">(2)</a> <a href="#ref-for-extendedattrdef-trustedtypes①⑧">(3)</a> <a href="#ref-for-extendedattrdef-trustedtypes①⑨">(4)</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes②⓪">4.2. Integration with SVG</a>
    <li><a href="#ref-for-extendedattrdef-trustedtypes②①">4.4. Integration with DOM Parsing</a> <a href="#ref-for-extendedattrdef-trustedtypes②②">(2)</a> <a href="#ref-for-extendedattrdef-trustedtypes②③">(3)</a> <a href="#ref-for-extendedattrdef-trustedtypes②④">(4)</a> <a href="#ref-for-extendedattrdef-trustedtypes②⑤">(5)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-create-a-trusted-type-policy">
   <b><a href="#abstract-opdef-create-a-trusted-type-policy">#abstract-opdef-create-a-trusted-type-policy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-create-a-trusted-type-policy">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-create-a-trusted-type">
   <b><a href="#abstract-opdef-create-a-trusted-type">#abstract-opdef-create-a-trusted-type</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-create-a-trusted-type">2.3.2. TrustedTypePolicy</a> <a href="#ref-for-abstract-opdef-create-a-trusted-type①">(2)</a> <a href="#ref-for-abstract-opdef-create-a-trusted-type②">(3)</a>
    <li><a href="#ref-for-abstract-opdef-create-a-trusted-type③">3.4. Process value with a default policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-get-trusted-type-compliant-string">
   <b><a href="#abstract-opdef-get-trusted-type-compliant-string">#abstract-opdef-get-trusted-type-compliant-string</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string①">(2)</a>
    <li><a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string②">3.2. Create a Trusted Type</a>
    <li><a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string③">3.5. Prepare the script URL and text</a> <a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string④">(2)</a>
    <li><a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string⑤">4.1.5. Enforcement in timer functions</a>
    <li><a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string⑥">4.1.6. Enforcement in event handler content attributes</a>
    <li><a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string⑦">4.5.6. Support for eval(TrustedScript)</a> <a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string⑧">(2)</a> <a href="#ref-for-abstract-opdef-get-trusted-type-compliant-string⑨">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-process-value-with-a-default-policy">
   <b><a href="#abstract-opdef-process-value-with-a-default-policy">#abstract-opdef-process-value-with-a-default-policy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-process-value-with-a-default-policy">3.3. Get Trusted Type compliant string</a>
    <li><a href="#ref-for-abstract-opdef-process-value-with-a-default-policy①">4.5.1.1. require-trusted-types-for Pre-Navigation check</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-prepare-the-script-url-and-text">
   <b><a href="#abstract-opdef-prepare-the-script-url-and-text">#abstract-opdef-prepare-the-script-url-and-text</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-prepare-the-script-url-and-text">4.1.3.3. Slot value verification</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="typedefdef-htmlstring">
   <b><a href="#typedefdef-htmlstring">#typedefdef-htmlstring</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-typedefdef-htmlstring">4.1.2. Extensions to the Document interface</a> <a href="#ref-for-typedefdef-htmlstring①">(2)</a>
    <li><a href="#ref-for-typedefdef-htmlstring②">4.1.4. Enforcement in element attributes</a>
    <li><a href="#ref-for-typedefdef-htmlstring③">4.4. Integration with DOM Parsing</a> <a href="#ref-for-typedefdef-htmlstring④">(2)</a> <a href="#ref-for-typedefdef-htmlstring⑤">(3)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="typedefdef-scriptstring">
   <b><a href="#typedefdef-scriptstring">#typedefdef-scriptstring</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-typedefdef-scriptstring">4.1.3.2. Setting slot values</a> <a href="#ref-for-typedefdef-scriptstring①">(2)</a> <a href="#ref-for-typedefdef-scriptstring②">(3)</a>
    <li><a href="#ref-for-typedefdef-scriptstring③">4.1.5. Enforcement in timer functions</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="typedefdef-scripturlstring">
   <b><a href="#typedefdef-scripturlstring">#typedefdef-scripturlstring</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-typedefdef-scripturlstring">4.1.3.2. Setting slot values</a>
    <li><a href="#ref-for-typedefdef-scripturlstring①">4.1.4. Enforcement in element attributes</a> <a href="#ref-for-typedefdef-scripturlstring②">(2)</a>
    <li><a href="#ref-for-typedefdef-scripturlstring③">4.2. Integration with SVG</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="typedefdef-trustedtype">
   <b><a href="#typedefdef-trustedtype">#typedefdef-trustedtype</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-typedefdef-trustedtype">3.3. Get Trusted Type compliant string</a> <a href="#ref-for-typedefdef-trustedtype①">(2)</a>
    <li><a href="#ref-for-typedefdef-trustedtype②">3.4. Process value with a default policy</a> <a href="#ref-for-typedefdef-trustedtype③">(2)</a>
    <li><a href="#ref-for-typedefdef-trustedtype④">4.1.5. Enforcement in timer functions</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="typedefdef-htmlstringdefaultsempty">
   <b><a href="#typedefdef-htmlstringdefaultsempty">#typedefdef-htmlstringdefaultsempty</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-typedefdef-htmlstringdefaultsempty">4. Integrations</a>
    <li><a href="#ref-for-typedefdef-htmlstringdefaultsempty①">4.4. Integration with DOM Parsing</a> <a href="#ref-for-typedefdef-htmlstringdefaultsempty②">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="window-trusted-type-policy-factory">
   <b><a href="#window-trusted-type-policy-factory">#window-trusted-type-policy-factory</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-window-trusted-type-policy-factory">2.4.2. TrustedTypes extended attribute</a> <a href="#ref-for-window-trusted-type-policy-factory①">(2)</a>
    <li><a href="#ref-for-window-trusted-type-policy-factory②">3.4. Process value with a default policy</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-window-trustedtypes">
   <b><a href="#dom-window-trustedtypes">#dom-window-trustedtypes</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-window-trustedtypes">2.4. Enforcement</a>
    <li><a href="#ref-for-dom-window-trustedtypes①">4.1.1. Extensions to the Window interface</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-document-write">
   <b><a href="#dom-document-write">#dom-document-write</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-document-write">2.1.1. HTML injection sinks</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-htmlscriptelement-src">
   <b><a href="#dom-htmlscriptelement-src">#dom-htmlscriptelement-src</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-htmlscriptelement-src">2.1.2. DOM XSS injection sinks</a>
    <li><a href="#ref-for-dom-htmlscriptelement-src①">4.1.3.1. Slots with trusted values</a>
    <li><a href="#ref-for-dom-htmlscriptelement-src②">4.1.3.2. Setting slot values</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-htmlscriptelement-text">
   <b><a href="#dom-htmlscriptelement-text">#dom-htmlscriptelement-text</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-htmlscriptelement-text">2.1.2. DOM XSS injection sinks</a>
    <li><a href="#ref-for-dom-htmlscriptelement-text①">4.1.3.2. Setting slot values</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="typedefdef-trustedtimerhandler">
   <b><a href="#typedefdef-trustedtimerhandler">#typedefdef-trustedtimerhandler</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-typedefdef-trustedtimerhandler">4.1.5. Enforcement in timer functions</a> <a href="#ref-for-typedefdef-trustedtimerhandler①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="concept-element-attributes-validation-ext">
   <b><a href="#concept-element-attributes-validation-ext">#concept-element-attributes-validation-ext</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-concept-element-attributes-validation-ext">4.3. Integration with DOM</a> <a href="#ref-for-concept-element-attributes-validation-ext①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="dom-domparser-parsefromstring">
   <b><a href="#dom-domparser-parsefromstring">#dom-domparser-parsefromstring</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-dom-domparser-parsefromstring">2.1.1. HTML injection sinks</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trusted-types-sink-group">
   <b><a href="#trusted-types-sink-group">#trusted-types-sink-group</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trusted-types-sink-group">2.1. Injection sinks</a>
    <li><a href="#ref-for-trusted-types-sink-group①">2.1.1. HTML injection sinks</a>
    <li><a href="#ref-for-trusted-types-sink-group②">2.1.2. DOM XSS injection sinks</a>
    <li><a href="#ref-for-trusted-types-sink-group③">3.3. Get Trusted Type compliant string</a>
    <li><a href="#ref-for-trusted-types-sink-group④">4.5.1. require-trusted-types-for directive</a> <a href="#ref-for-trusted-types-sink-group⑤">(2)</a>
    <li><a href="#ref-for-trusted-types-sink-group⑥">4.5.3. Should sink type mismatch violation be blocked by Content Security Policy?</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="trusted-types-directive">
   <b><a href="#trusted-types-directive">#trusted-types-directive</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-trusted-types-directive">2.3.1. TrustedTypePolicyFactory</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="serialized-tt-configuration">
   <b><a href="#serialized-tt-configuration">#serialized-tt-configuration</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-serialized-tt-configuration">4.5.2. trusted-types directive</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="tt-expression">
   <b><a href="#tt-expression">#tt-expression</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-tt-expression">4.5.2. trusted-types directive</a> <a href="#ref-for-tt-expression①">(2)</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="tt-policy-name">
   <b><a href="#tt-policy-name">#tt-policy-name</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-tt-policy-name">4.5.2. trusted-types directive</a>
    <li><a href="#ref-for-tt-policy-name①">4.5.4. Should Trusted Type policy creation be blocked by Content Security Policy?</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="tt-keyword">
   <b><a href="#tt-keyword">#tt-keyword</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-tt-keyword">4.5.2. trusted-types directive</a>
    <li><a href="#ref-for-tt-keyword①">4.5.4. Should Trusted Type policy creation be blocked by Content Security Policy?</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy">
   <b><a href="#abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy">#abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-should-sink-type-mismatch-violation-be-blocked-by-content-security-policy">3.3. Get Trusted Type compliant string</a>
   </ul>
  </aside>
  <aside class="dfn-panel" data-for="abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy">
   <b><a href="#abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy">#abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy</a></b><b>Referenced in:</b>
   <ul>
    <li><a href="#ref-for-abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy">3.1. Create a Trusted Type Policy</a>
   </ul>
  </aside>
<script>/* script-dfn-panel */

document.body.addEventListener("click", function(e) {
    var queryAll = function(sel) { return [].slice.call(document.querySelectorAll(sel)); }
    // Find the dfn element or panel, if any, that was clicked on.
    var el = e.target;
    var target;
    var hitALink = false;
    while(el.parentElement) {
        if(el.tagName == "A") {
            // Clicking on a link in a <dfn> shouldn't summon the panel
            hitALink = true;
        }
        if(el.classList.contains("dfn-paneled")) {
            target = "dfn";
            break;
        }
        if(el.classList.contains("dfn-panel")) {
            target = "dfn-panel";
            break;
        }
        el = el.parentElement;
    }
    if(target != "dfn-panel") {
        // Turn off any currently "on" or "activated" panels.
        queryAll(".dfn-panel.on, .dfn-panel.activated").forEach(function(el){
            el.classList.remove("on");
            el.classList.remove("activated");
        });
    }
    if(target == "dfn" && !hitALink) {
        // open the panel
        var dfnPanel = document.querySelector(".dfn-panel[data-for='" + el.id + "']");
        if(dfnPanel) {
            dfnPanel.classList.add("on");
            var rect = el.getBoundingClientRect();
            dfnPanel.style.left = window.scrollX + rect.right + 5 + "px";
            dfnPanel.style.top = window.scrollY + rect.top + "px";
            var panelRect = dfnPanel.getBoundingClientRect();
            var panelWidth = panelRect.right - panelRect.left;
            if(panelRect.right > document.body.scrollWidth && (rect.left - (panelWidth + 5)) > 0) {
                // Reposition, because the panel is overflowing
                dfnPanel.style.left = window.scrollX + rect.left - (panelWidth + 5) + "px";
            }
        } else {
            console.log("Couldn't find .dfn-panel[data-for='" + el.id + "']");
        }
    } else if(target == "dfn-panel") {
        // Switch it to "activated" state, which pins it.
        el.classList.add("activated");
        el.style.left = null;
        el.style.top = null;
    }

});
</script>